Luke

@grobister said:

Hi guys. Fairly new here. Finally got it.
Took me a couple of hours. I know JWT quite well, use it regularly in my projects.

Without giving away it was the “guessing” that took me the longest.

Yeap guessing took up 2 hours of “enumeration”. Rooting took like 10 mins. Not sure how I feel about the box but it was interesting enough I guess.

@oannes said:
Hey fellas, I am having some problems with the c***.
It should be easy according to everybody else but I am missing something.

Tried different aliases for username as suggested by others
Tried probably every possible variation of the syntax on the medium page combined with the c****.*** info

But I always get bad request. Without the fancy payload bits I get please auth response, so I should be doing something wrong there. Could you help a newb out?

Bad request means your c*** request has errors. Once you get forbidden you can start guessing.

Done and dusted.
Thanks to @ilezu’s post on page 14. Why did I think it was only a folder?

Learned a lot on this box, thx @H4d3s. Great box!

Just got it. Feel free to PM for hint.

This machine sorta F’ed me over quite a bit, it took very little time from the point where I actually found the first creds file.
My issue ended up being that it wasn’t as much about enumeration tool but what lists were used. I used quite a few including constructing a few from various stuff on the page etc.

Having done the craft box before this one made the 3000 part a lot easier than what it could be.

root = way too easy, pity

but I appreciate the effort put into this box by @H4d3s

Very straightforward box - shoot me a message if you need a nudge. :smiley:

This is my first HackTheBox machine, and I am completely stuck. I have only found open ports (including 8*** and 3***) and a file from the FTP server, that doesn’t mean anything to me.
Any help?

@nbcrypto said:

This is my first HackTheBox machine, and I am completely stuck. I have only found open ports (including 8*** and 3***) and a file from the FTP server, that doesn’t mean anything to me.
Any help?

Try to do dirsearch and dig the secret at the odd port. You know, JWT is important

Could anyone shoot me a PM to help get my P*** token in c*** working? I’m at my wits end figuring it out (curl n00b)

Very frustrating box and pretty straightforward once you get the initial foothold. It is just some credentials reuse stuff…
To get the initial foothold easily, don’t be like me and sometimes, try to add some file extensions to your enumeration dictionary.
I saw that a lot of people are not confident enough with curl syntax in that thread. If so, just use something like Postman or Insomnia, which are designed to handle REST APIs.
Be brave and try harder, you will do it :smile:

Rooted! PM if you need help

rooted.
user and root: once you get the creds from that port, you got root, root is way too easy.
PM for hints…

Heya,

I’m struggling with getting the a******** t*****. If anyone could offer assistance that would be great.

edit: Managed to finally get the syntax right on c*** not too long ago. Kinda silly, but whatever, box finished.

Team,

Good evening! Alright so I think I have found at least 1 credential in c*****.*, however, I am trying to use this credential to get my JWT and well, I am really getting my ■■■■ kicked by syntax. I have NO experience with cl. Please PM and I will send you the syntax I’m using! Thanks in advance!

Can somebody PM me to give me a hint?

Got the DB cred and several Login pages.

Don’t know what to “play” with the auth on port 3000.
Read the medium article, but I don’t know how to make this command sequence work.

Boom! ROOTED; Special thanks to @weeblix and @0xNoOne for your patience and help throughout!

For what it’s worth:

USER: Focus on that cl syntax and don’t get stuck trying the same USER over and over again. Once that is done, utilize the information you found during the enumeration and start teasing your logins. If you found the c***.p** you are on the right path.

ROOT: Soooooo, within 45 seconds of USER I gained ROOT so you do the math.

Nice box. A bit disappointing that Ajenti service is running by root user and you don’t have privesc flow. Reverse shell can be done but not necessary.
However I spent 1 day to figure out the curl syntax but time was a benefit because I also discovered the Postman tool. Thumbs up anyway for the JWT approach, it’s not very spread along the developers but industries such as banking are starting to use it.

Anyone have a minute to help? I am having a heck of a time getting a certain “Olympic sport” C*** command to work. Going crazy trying to get the t****. I don’t know if I am using the right credentials.

@l30n said:

Anyone have a minute to help? I am having a heck of a time getting a certain “Olympic sport” C*** command to work. Going crazy trying to get the t****. I don’t know if I am using the right credentials.

You can shoot me a PM, make sure to include everything you tried.

I need some help with the web-panel login, I do have all users & passwords enumerated. I also do have four login endpoints. I literally tried every combination, as well as Lower-/-Uppercase ones. I also tried some other common usernames, with all passwords that I managed to get.

Anyone could give me a hint, on why the login won’t work?
Thanks.