Player

Mmm

Congrats @mprox and @jkr, nicely done.

Consider that you are doing a real pentest and note everything you find, even if it's a minute error message. Keep a note of what you see in different vhosts and move further. Good luck.

Do you need a good GPU for this box? :slight_smile:

No need of any fuzzing and bruteforcing. I hate them though

@MrR3boot said:

No need of any fuzzing and bruteforcing. I hate them though

no need for fuzzing content of vhosts?

@EnDeRuCn said:
@MrR3boot said:

No need of any fuzzing and bruteforcing. I hate them though

no need for fuzzing content of vhosts?

Yes for vhosts it is common. I meant for other stuff

Whoever has done the box already, please revisit it once, as the unintended ways to root are patched and you can enjoy the hard ride to get root. I’m sure you love the Game now <3

Am I supposed to be getting a 403 on 80?

Yes, everyone is supposed to…

@YanTayga said:

Are we supposed to crack jwt?

I tried. Spent 20-30 minutes on it. Also, MrR3boot said he hates bruteforce.
I think it’s safe to assume: no.

You guys are too focused on the jwt part… and too focused on the brute forcing part… If you wanna brute force, then brute force; why ask others about their opinion? Isn't that the whole picture? You must practice to learn :D
However, it took 3 minutes to get the login page. Let's see what's in there.

Personally, I really enjoyed this box, although the initial foothold was a bit of a stretch. I appreciate the hint that was given, but I’m not sure it was enough to save certain poor souls. Overall, I believe it was a solid 9/10 of a box. I also highly recommend that people do not just take the easiest route, as there are various different paths you can take to root this box, all of which have different difficulties and learning curves.

Thank you MrReboot for taking the time to make this box and big kudos for the vulnerabilities chosen. <3

Thanks @chivato, glad that you had fun.

The first vulnerability / exploit was one of my favourites I’ve seen. Enjoyed the box :smile: thanks

I need help with user :[

Found some vhosts, found the “hints” to what is wrong with the site(s), found some names in an answer to a url request, found source of the countdown (client side), found a login. And stuck, next step unknown :smile:

I’ve found the hash for the IDE through another vuln. Do I need to crack/bruteforce this hash to login? I’ve tried rockyou, but that didn’t work.

@12thRockyou said:

the first vulnerability / exploit was one of my favourites I’ve seen. Enjoyed the box :smile: thanks

Yes, I know which one you are talking about, the exploit that stood out was very fun, but like I said, I still think the initial foothold was a bit of a stretch :slight_smile:

@12thRockyou said:

the first vulnerability / exploit was one of my favourites I’ve seen. Enjoyed the box :smile: thanks

Welcome.