Official Reel2 Discussion

TazWake · February 28, 2021, 8:14pm

Can i please have a tiny nudge in the right direction.
I’m stuck at the very beginning. Been messing with high port for a bit, but found nothing useful. fuzzed all ports, didnt see anything helpful either.

There are a lot of open ports. Have you looked at the higher of the two related ports?

Looking4 · March 1, 2021, 11:20am

Type your comment> @TazWake said:

@Looking4 said:

Can i please have a tiny nudge in the right direction.
I’m stuck at the very beginning. Been messing with high port for a bit, but found nothing useful. fuzzed all ports, didnt see anything helpful either.

There are a lot of open ports. Have you looked at the higher of the two related ports?

tried a few tools on the high port (not 8080) . Was only getting ‘NT_STATUS_CONNECTION_DISCONNECTED’. Have i understood you incorrect or i should find the right tool for that?

TazWake · March 1, 2021, 11:36am

Type your comment> @Looking4 said:

Type your comment> @TazWake said:

@Looking4 said:

Can i please have a tiny nudge in the right direction.
I’m stuck at the very beginning. Been messing with high port for a bit, but found nothing useful. fuzzed all ports, didnt see anything helpful either.

There are a lot of open ports. Have you looked at the higher of the two related ports?

tried a few tools on the high port (not 8080) . Was only getting ‘NT_STATUS_CONNECTION_DISCONNECTED’. Have i understood you incorrect or i should find the right tool for that?

If you are getting that response at the beginning, I think you are attacking the wrong port. You dont need to attack any ports in the 5*** range at the start.

Any hints or nudges pretty much depend on where you are. If you have a list of usernames and passwords you can try a brute force against the exposed *** service. If you dont have them, then refocus on the one you mentioned.

yuksec · March 8, 2021, 4:28am

Spoiler Removed

DedSecNL · March 13, 2021, 1:02pm

So I found a hashed password, which I am able to crack it. But when I try to login with it to get the flag the password is not accepted. Any nudges would be appreciated.

TazWake · March 13, 2021, 5:15pm

@bartvanderdoes said:

So I found a hashed password, which I am able to crack it. But when I try to login with it to get the flag the password is not accepted. Any nudges would be appreciated.

It depends if you have the right password to the service you are trying to authenticate against.

If you do, then how you log in also matters.