einfallstoll

About

Username
einfallstoll
Joined
Visits
136
Last Active
Roles
Member

Comments

  • I just ended up scripting a filesystem downloader. FML. Local enumeration took 5 seconds then. Now starting on root.
  • > @takuma said: > @CANC3RMAN said: > Can this challenge be completed with only using burpsuite? > > > > > > No :) I didn't use Burp.
  • I finally got the user and want to share some important steps with you * There are some rabbit holes! * Do a proper enumeration * When you find out what kind of data can be "injected", you're probably on the right track, keep going, there…
    in Bounty Comment by einfallstoll July 2018
  • It took me several hours to find the username. Now I finally got it. Hint for anyone else: You will see the username at some point. No need to search Wikipedia (like me), bruteforce or doing something else.
  • Should I report the challenge then?
  • (Quote) This is a Web challenge, not a box. Don't scan ports or try to get into the machine. Just play with the challenge in your browser (or proxy, wireshark, whatever)
    in HDC Comment by einfallstoll June 2018
  • I scanned all 65535 at once in under 30 seconds. Try the --min-parallelism and set it to 1000.
Avatar

Howdy, Stranger!

Click here to create an account.