@TazWake said:
In theory, the release arena is unique to you - other people cant be hammering it.
That’s what I thought… still I’m getting “unable to connect…” by gobuster and “connection timeout” by Firefox. It’s works in between and I can see the “news”, then drops dead again. Reset the Release Arena box but it didn’t change.
@ChefByzen said:
Maybe bruteforcing isn’t the way to go here…
And I wrote “I’m doing bruteforcing” exactly where?
Except you call nmap, Nikto or gobuster bruteforcing…
I did read about F2B, so maybe it’s “intended” - but usually the “Fail” means failing on a login attempt not 404s.
I’m not the owner of the box (obviously), but F2B can be configured to detect (and ban) directory brute forcing.
For Foothold: Just look for CVE and try it.
For User 1: Enum on the landing root dir. R0ckYou will rock you.
For User 2: User1 and User2 are very good friends. They share everything.
For User 3: Stay Home and play hide & seek. Google all the way will land you on a good article.
I have got user1. But can’t find a way to user2. I have read the above comments. Found a keygs directory in .loc***re. I guess something will be revealed by the files in it. Can anyone give a nudge, am I on the right path?
I have got user1. But can’t find a way to user2. I have read the above comments. Found a keygs directory in .loc***re. I guess something will be revealed by the files in it. Can anyone give a nudge, am I on the right path?
I have got user1. But can’t find a way to user2. I have read the above comments. Found a keygs directory in .loc***re. I guess something will be revealed by the files in it. Can anyone give a nudge, am I on the right path?
no, wrong path … it is way more easy
Thanks . Was so easy that I completely overlooked it. Got it now
Rooted thx @N0xi0us for your help at the root part.
Shell easy af, just google
User 1: look for juicy info files
User2: Its right there, but can be missed
root: Again, its right there, think about the covid comment and stay at home, the interesting part can be missed as well, but after googling you might know it when you see it.
Rooted!!
This box is like way easy in the beginning to almost a bit hard in the end. Thanks @N0xi0us for the nudge in the end.
Feel free to dm for hints ?