PlayerTwo

I’m a little lost how to enumerate t****

Got a set of creds, no idea how to deal with TOTP.

Is some form of brute forcing needed to identify the t---- paths on that port it is on? That does not feel like the right approach. Or have I failed to discover something in recon elsewhere?

Always happens. Once I finally “give in” to ask a question, I figure something out.

The subtle shoutouts amuse me.

If you have done the first general scans. Creds do not require brute force. I’m thinking of the next step.

@IhsanSencan said:

If you have done the first general scans. Creds do not require brute force. I’m thinking of the next step.

I went back in notes and noticed a few overlooked clues in recon. Tried them and found a way to get creds. Those do not work in the obvious page one would try them.

Hrm.

@trollzorftw said:

Got all the creds but 2fa is walling me :confused:

I’m in the same situation. I’ve gotten all the credentials, but once I find a set that works, OTP is killing me. I’ve been going back over my recon and looking for something I missed or places to try more recon, but so far I’ve got nothing. :frowning:

@jfx41 said:

@trollzorftw said:

Got all the creds but 2fa is walling me :confused:

I’m in the same situation. I’ve gotten all the credentials, but once I find a set that works, OTP is killing me. I’ve been going back over my recon and looking for something I missed or places to try more recon, but so far I’ve got nothing. :frowning:

all the creds. … D’Oh!

I’m not down with OTP.

@f00l8r1t3 said:

I’m not down with OTP.

Apparently neither am I. :frowning:

As always I do there’s no bruteforcing needed and there’s no social engineering involved. What you needed is already there. Keep playing the Game :slight_smile:

hosts

I can’t connect to 8***, is it a loophole or my internet connection?
Thanks.

Does anyone have resources on pentesting 8*** because I wanna learn more about this?
Thanks in advance

Found a binary, looks interesting. Wonder how it’s meant to be run.

Found 8***, tried different injections on the forms, tried running a dict against the tp stuff (POST and GET, no joy on either). Played around with the sessid stuff, but that did go anywhere. S**-S****S throwing a 403 looks interesting, but I’m not sure how to get into it. Hunted through all the source of both sites and didn’t find anything juicy. I feel like I’m missing some really simple stuff.

Anyone have any pointers or ideas? I’m not thinking outside the tesseract I guess :stuck_out_tongue:

@emmycat said:

Anyone have any pointers or ideas? I’m not thinking outside the tesseract I guess :stuck_out_tongue:

Did you look at a raw response from 8****?

Edit: There is a distinct and unique keyword in that response that would be a useful Google keyword

@f00l8r1t3 said:

@emmycat said:

Anyone have any pointers or ideas? I’m not thinking outside the tesseract I guess :stuck_out_tongue:

Did you look at a raw response from 8****?

I’m in the same shoe, maybe I’m querying the 8*** wrong, but it is just an error that there is no path existing at the root. Must be missing something obvious but all the enumeration steps I usually do don’t come back with anything.

Same spot. Nothing in the raw response stands out…maybe I am missing something or lacking a specific technique…but a nudge in the thread or a PM would be nice :slight_smile:

I put that raw into Google and it only came up with one page…am I in the right place or just noobing my way through this?

Rooted using unintended method. I’ll go back and do it legit in a couple of days, but until then here’s my hints for the foothold:
Find all running services, then read the docs
You might have found an interesting dir, try and find a file inside of it.
Once you have access, the first thing you get may not be right. Try a few times and you’ll spot a pattern.
To bypass the protections, go back to something that should have come up in enumeration. A bit of guessing will get you what you need.
Experiment and extract. You may find certain things which overcomplicate it, but it’s simpler than it looks (not much though).