There is no authentication required for this part. I’ve just checked the part you are stuck at from within my CTF Kali VM and can enumerate just fine.
Maybe you can try switching to another server instance or VPN zone, as you already ruled out (active) misconfiguration of the tool on your end. Because it looks a little like the machine you are targeting is broken.
So, I had a bit of spare time - I switched to EU-VIP-11 but same problem :lol: All my packets are being rejected by the first hop, which is responding that the service is not available.
I even cracked and switched to EU-VIP-14 as well. Same problem.
I want to think it is an issue with my configuration, but it was an identical problem with the clean installs from marketplace images in AWS and Azure.
It really does feel like I am not destined to progress this box
It turns out I am a bigger ■■■ than I realised. It was a layer 8 issue that I managed to repeat several times. I’ve no idea why I failed to spot it for three days but typos are killers.
in my humble opinion this is obviously not a hard machine, i think it should be consider as insane machine, or maybe i am just a bit rusty, it took me ages to find the way to the root
but finally i got it, rooted!
i will be willing to help if anyone here feeling frustrated or stuck somewhere, feel free to DM/PM me for any questions, hints or nudges.
rooted. really fun box that taught me a lot about the app it is named after, the main tool needed to exploit it, and finally the k dog. thanks @itsdafafo for a steer near the end.
rooted. really fun box that taught me a lot about the app it is named after, the main tool needed to exploit it, and finally the k dog. thanks @itsdafafo for a steer near the end.
Would someone help me understand why I can’t run gobuster through p*********s ? nmap works perfectly well (I found and nmap’ed w—.r-------.—) but gobuster keeps timing out. I tried writing my own script but it’s far from being as effective as gobuster (1h30 in and not even 20k requests sent ><).
Would someone help me understand why I can’t run gobuster through p*********s ? nmap works perfectly well (I found and nmap’ed w—.r-------.—) but gobuster keeps timing out. I tried writing my own script but it’s far from being as effective as gobuster (1h30 in and not even 20k requests sent ><).
No need for gobuster, here. Just try to imagine what might be served by that server
Would someone help me understand why I can’t run gobuster through p*********s ? nmap works perfectly well (I found and nmap’ed w—.r-------.—) but gobuster keeps timing out. I tried writing my own script but it’s far from being as effective as gobuster (1h30 in and not even 20k requests sent ><).
No need for gobuster, here. Just try to imagine what might be served by that server
Mmmh, okay, found it ! Well… I’d like to make gobuster run still, but at least I can move on Thanks !
I’m a bit stuck as well. I slapped some hashes for a while but no luck there. However, poking at names got me an internal IP, but I’m really not sure how I could route myself into that subnet. Any tips?
I’m a bit stuck as well. I slapped some hashes for a while but no luck there. However, poking at names got me an internal IP, but I’m really not sure how I could route myself into that subnet. Any tips?
Phheeew… great box so far, but really confusing ^^
I’m a**** now, retrieved some hashes from k****b but I’m a bit lost for the next steps. Most of the docs I find talk about Windows.
If anyone has either an idea or a good article to send in my direction, that’d be awesome
Edit : Rooted. I really enjoyed the beginning, I was new to this type of things. The privesc part had me crying
Dude, never messed with almost any of this things but bit by bit i was able to progress (not fast, but progress at least). Took me a WHOLE week, but i assume that when familiar with the technologies is not something out of this world !
But, without any doubt, an awesome box to learn new stuff and it was fun!!
Foothold: Oh boy, the hardest is to reach there (might need to hop like a rabbit) User: well, if you look carefully when landing you can see that only you are missing the trio party ! use what you found in clear Root: Quite straightforward if you know how to move in the 3headK world
If you need help, just reach out to me and i’ll try to help you out in the best of my capabilities
Before I do anything crazy like instrument and compile the exact version of s**** to figure out how todo c**** p***** or req**** sm*******. I would like to talk about my current thoughts. Just like what has already been discussed in this thread I also can hit all i******* s******* but nothing seems to talk h*** so an s*** seems unlikely. Who knows maybe my enum is bad and I missed something. So I guess PM me if your willing to provide a nudge.
well, I recently rooted this box. My enum is bad and I really should feel bad. Additionally, You have to be really specific with your interactions with this really picky underworld’s authentication gatekeeper.
I’m stuck at priv esc. I know I have to get a***n first but not getting anywhere. I already tried to crack the hashes. I also tried fiddling with that unusual s***pt which belongs to a***n. SOS!