Traceback

I’m ssh’d as a user, but not seeing a flag in the home directory. Is there meant to be one in the normal place?

EDIT: Nevermind, had to jump to next user.

SSH bruteforce is involved?

Type your comment> @ZuS said:

initial step pls

@sakas4 > @sakas4 said:

SSH bruteforce is involved?

Not sure if troll, but for others that see. Brute force has almost never been the answer on any of the newer boxes… That being said it could always be a thing on this or any box, but should be a last ditch effort these days…

is Failed to d*** a part of the game or just a collateral damage? :slight_smile:

Spoiler Removed

Ran lot of wordlists to fuzz the website. Did not find a single file. Must be something stupid…
Some hints for initial foothold ?

1 Like

Type your comment> @Crafty said:

Ran lot of wordlists to fuzz the website. Did not find a single file. Must be something stupid…
Some hints for initial foothold ?

Trying reading whats not immediately obvious on the web page

Type your comment> @Crafty said:

Ran lot of wordlists to fuzz the website. Did not find a single file. Must be something stupid…
Some hints for initial foothold ?

Maybe you have to read better what you already have;)

Super easy and fast machine.
Worst part: people not understanding and lagging it a lot with tons of bruteforce in both open ports. Also some guy had the idea of changing some relevant binary, dont know if he found it to be funny or what.

Type your comment> @chinonino said:

Type your comment> @Crafty said:

Ran lot of wordlists to fuzz the website. Did not find a single file. Must be something stupid…
Some hints for initial foothold ?

Maybe you have to read better what you already have;)

there’s only so many ways to view that page…someone saying read what you already have isn’t really …well, anything. No clue what this stupid thing is that Im obviously missing…

1 Like

It is a “guess the directory/page box” ? Because no common wordlists find anything.

EDIT : Found it, hint : osint.

tip initial shell: search the private parts of the creator :disappointed:

Type your comment> @Crafty said:

It is a “guess the directory/page box” ? Because no common wordlists find anything.

May be you have to “extend” your search a bit.

Hello guys, alredy did TCP/UDP scan, and dir/files bruteforcing with dirb,dirbuster,gobuster… I didn’t find nothing intrasting, a part a straing html comment on the web page source code. I need a little help, If someone can give me the right way I’ll really appreciece that!

Spoiler Removed

Rooted.
PM for nudges.

Spoiler Removed

Wow that was easy :slight_smile: But not in a bad way. Especially after the flood or hard/insane boxes recently this was a refreshing fun box! I also liked the techniques demonstrated. Thank you @Xh4H!

Please don’t message me for this one, if you’re stuck just make sure to read everything and read up on the basics again. Now back to Multimaster…

For initial foothold, read what’s in front of you, google and you will be on your way.