I don’t know… this release area is a great innovation, but on both release area and “public” servers the machine is so hammered that I cannot finish a single gobuster with a small list like quickhits, my nmap quick-scan took longer than other people needed for blood.
Fun box so far, got user.txt – working on root but starting to run into dead ends. The ‘Very Easy’ rating means I’ve probably missed something obvious.
@TazWake said:
In theory, the release arena is unique to you - other people can’t be hammering it.
That’s what I thought… still I’m getting “unable to connect…” by gobuster and “connection timeout” by Firefox. It works in between and I can see the “news”, then drops dead again. Reset the Release Arena box but it didn’t change.
@ChefByzen said:
Maybe bruteforcing isn’t the way to go here…
And I wrote “I’m doing bruteforcing” exactly where?
Except you call nmap, Nikto or gobuster bruteforcing…
I did read about F2B, so maybe it’s “intended” - but usually the “Fail” means failing on a login attempt not 404s.
I’m not the owner of the box (obviously), but F2B can be configured to detect (and ban) directory brute forcing.
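What a 404-based ban rule of the kind mentioned above has to decide, as an added example that is not part of the thread and not the box's actual configuration: count 404 responses per client in a sliding window and flag the client once a threshold is reached. The parameter names `maxretry` and `findtime` mirror Fail2Ban's jail options; the log lines, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines in common log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2020:10:00:01 +0000] "GET /admin HTTP/1.1" 404 153
203.0.113.7 - - [10/May/2020:10:00:01 +0000] "GET /backup HTTP/1.1" 404 153
198.51.100.20 - - [10/May/2020:10:00:02 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - - [10/May/2020:10:00:02 +0000] "GET /.git/ HTTP/1.1" 404 153
203.0.113.7 - - [10/May/2020:10:00:03 +0000] "GET /phpmyadmin HTTP/1.1" 404 153
203.0.113.7 - - [10/May/2020:10:00:03 +0000] "GET /test HTTP/1.1" 404 153
198.51.100.20 - - [10/May/2020:10:00:04 +0000] "GET /favicon.ico HTTP/1.1" 404 153
203.0.113.7 - - [10/May/2020:10:00:04 +0000] "GET /old HTTP/1.1" 404 153
198.51.100.20 - - [10/May/2020:10:05:00 +0000] "GET /missing HTTP/1.1" 404 153
"""

# client address, timestamp, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')


def find_bans(log_text, maxretry=5, findtime=10):
    """Return {ip: time of ban} for clients that produce `maxretry`
    404 responses within `findtime` seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps of recent 404s
    bans = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) != "404":
            continue  # only failed lookups count, like a login failure would
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if ip in bans:
            continue  # already banned, later requests would never arrive
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # drop 404s older than the window
            hits.popleft()
        if len(hits) >= maxretry:
            bans[ip] = ts
    return bans


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when:%H:%M:%S}")
```

With the defaults only the client requesting many missing paths in a few seconds is flagged; the visitor with two stray 404s five minutes apart is not.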
For Foothold: Just look for CVE and try it.
For User 1: Enum on the landing root dir. R0ckYou will rock you.
For User 2: User1 and User2 are very good friends. They share everything.
For User 3: Stay Home and play hide & seek. Google all the way will land you on a good article.