I guess we might as well start a thread for this box. Good luck.
Good luck everyone.
Spotted an interesting service, but with no vulnerabilities/knowledge about the backend Iām not sure whatās meant to be done.
Is bruteforce needed on this box?
found an interesting t***p service, but still trying to figure out how to enumerate it, or if this is a rabbit hole?
Got all the creds but 2fa is walling me
Type your comment> @trollzorftw said:
Got all the creds but 2fa is walling me
Itās 1-2-3-4-5.
(edit: this is a reference to a movie gag, donāt mean to send anyone astray here)
Hum, getting a strange picture on a page, rabit hole ?
Iām a little lost how to enumerate t****
Got a set of creds, no idea how to deal with TOTP.
Is some form of brute forcing needed to identify the t---- paths on that port it is on? That does not feel like the right approach. Or have I failed to discover something in recon elsewhere?
Always happens. Once I finally āgive inā to ask a question, I figure something out.
The subtle shoutouts amuse me.
If you have done the first general scans. Creds do not require brute force. Iām thinking of the next step.
Type your comment> @IhsanSencan said:
If you have done the first general scans. Creds do not require brute force. Iām thinking of the next step.
I went back in notes and noticed few overlooked clues in recon. Tried them and found way to get creds. Those do not work in the obvious page one would try them.
Hrm.
Type your comment> @trollzorftw said:
Got all the creds but 2fa is walling me
Iām in the same situation. Iāve gotten all the credentials, but once I find a set that works, OTP is killing me. Iāve been going back over my recon and looking for something I missed or places to try more recon, but so far Iāve got nothing.
Type your comment> @jfx41 said:
Type your comment> @trollzorftw said:
Got all the creds but 2fa is walling me
Iām in the same situation. Iāve gotten all the credentials, but once I find a set that works, OTP is killing me. Iāve been going back over my recon and looking for something I missed or places to try more recon, but so far Iāve got nothing.
all the creds. ā¦ DāOh!
Iām not down with OTP.
Type your comment> @f00l8r1t3 said:
Iām not down with OTP.
Apparently neither am I.
As always I do thereās no bruteforcing needed and thereās no social engineering involved. What you needed is already there. Keep playing the Game
hosts
I canāt connect to 8***, is it a loophole or my internet connection?
Thanks.