PlayerTwo

I put that raw into Google and it only came up with one page…am I in the right place or just noobing my way through this?

Rooted using unintended method. I’ll go back and do it legit in a couple of days, but until then here’s my hints for the foothold:
Find all running services, then read the docs
You might have found an interesting dir, try and find a file inside of it.
Once you have access, the first thing you get may not be right. Try a few times and you’ll spot a pattern.
To bypass the protections, go back to something that should have come up in enumeration. A bit of guessing will get you what you need.
Experiment and extract. You may find certain things which overcomplicate it, but it’s simpler than it looks (not much though).

@clubby789 said:

Rooted using unintended method. I’ll go back and do it legit in a couple of days, but until then here’s my hints for the foothold:
Find all running services, then read the docs
You might have found an interesting dir, try and find a file inside of it.
Once you have access, the first thing you get may not be right. Try a few times and you’ll spot a pattern.
To bypass the protections, go back to something that should have come up in enumeration. A bit of guessing will get you what you need.
Experiment and extract. You may find certain things which overcomplicate it, but it’s simpler than it looks (not much though).

This makes tons of sense. Now I just need to find the right things :slight_smile: thanks man, you’re a rockstar of nudges.

Stuck at 2FA

@f00l8r1t3 said:

I’m not down with OTP.
Yeah know me!

ok

How to run Pr*****.*** file? Some hints please, thank you!

Try taking a ‘walk’ over the file and seeing what you can find
@manfromkz said:

How to run Pr*****.*** file? Some hints please, thank you!

I’ve now got user (properly!) so here’s my hints.

  • Watch running processes as usual
  • Spot something interesting
  • Use a script to tune in

Hmmm I’ve read through all of the t***p documentation to no avail. Wondering if there is maybe some hint I am missing as to what the “location” of a good enumeration point would be. Would it be helpful to go back and look at the original Player box?

Yeah, I’m with you @AcroTiger. The t**** docs gave me nothing to go off of. I understand exactly what everyone is referring to, and I understand how I am intended to communicate with it, but without a valid endpoint, how am I ever supposed to know where to start?

I’ve tried fuzzing for valid endpoints as well by response codes, and that was filtered and therefore useless.

Could use a nudge – been stuck at t**** since release.

Edit: I was fuzzing improperly. Check not only your wordlists, but your parameters. I was negligent where I shouldn’t have been. I didn’t need to filter response codes to get what I was looking for (if this is considered a spoiler, feel free to report).

@farbs Exactly. I tried using cewl to generate a wordlist and try to find valid endpoints that way, but always receive the same “bad_route” response… Anyways, good to see an “Omniscient” stuck at the same point I am :rofl:

@AcroTiger, @farbs, I thought I was going mad and missed something really obvious, so I’m pleased I’m not losing my mind and others are finding this difficult as well. Didn’t see anything in the material for t***p.

@phycomp said:

@AcroTiger, @farbs, I thought I was going mad and missed something really obvious, so I’m pleased I’m not losing my mind and others are finding this difficult as well. Didn’t see anything in the material for t***p.
In the docs of this app you can find the file type that determines how the application works (if you're struggling to understand what this file is, look at the examples in the git repo), and the structure of client requests.
Docs tell how app works, no more. But nothing else is needed from them.

Guys, there is one endpoint and it's in the definition of the service. LOOK CAREFULLY and see the examples in the docs. Think

Am I missing a hint for the service that complains about the missing parameters, or is it really just ‘guess the box’?

Playing with the 2FA service, I always got a missing parameter error. Is this a guessing task or am I missing something?

@idomino said:
Am I missing a hint for the service that complains about the missing parameters, or is it really just ‘guess the box’?

I am also struggling with that error message right now. And I think I tried a lot of possible parameters. Really weird.

@menessim said:

@idomino said:
Am I missing a hint for the service that complains about the missing parameters, or is it really just ‘guess the box’?

I am also struggling with that error message right now. And I think I tried a lot of possible parameters. Really weird.

It feels good to know I’m not alone in this XDXDXD

@idomino said:

Am I missing a hint for the service that complains about the missing parameters, or is it really just ‘guess the box’?

Yeah, I'm on that too. I don't understand if I'm missing something or I just need to keep guessing…

Authenticated on 2FA, just got a page with lots of GIF images… will search for more I guess…