Hi, I made this topic for this module beacuse I found it very hard in some questions, and there’s no hint.
Does anyone know how to solve the osTicket question? And what about other notable application? I tried everything with nmap, gobuster, hydra but i go nowhere
2 Likes
For osticket, just follow the instruction in this module
- Login with agent credential
- Check previous ticket history ( you will have the answer)
I am also stuck at the “notable” and “attack gitlab” section
1 Like
I can’t find the agent credential. I found git as external portal, i registered an account with the ticket email but nothing. Could you give me an hint?
I did “attacking gitlab”, to solve you can try to use the code that you find on the exploitdb links
Take a look at the email address start with kevin******* and the login page below it.
For “attacking gitlab”, I used the script from exploitdb and wordlist xato-net-10-million-usernames-dup.txt. Eventually, I managed to find a couple of valid username such as “help, public, hacker”. But none of them is the correct answer. So I am not sure what I have missed.
Try rockyou.txt list for password and cirt-****.txt for usernames
1 Like
Hi everyone! some of you have been able to pass the skills assessment 1?
specifically the last exercise on getting a shell?
any hint or methodology would greatly appreciate it as I tried various ways without success including metasploit
I used several dictionaries and with one I managed to find the correct user, I don’t remember which one it is, but if it comes inside the virtual machine, I recommend you try several and it will come out if you have problems, I can help you!
Hi, are you got the flag? If not i can give suggestion that Tomcat 9.0.0M1 is vulnerable for one of lastest CVE in module “Attacking Tomcat”. But I have too troubles for getting flag too 
Help me if you solved it 
1 Like
Hi, for tomcat you have to use the cgi-exploit, with gobuster or fuzz you find a *.bat file and use it for rce.
If you need other hints text me
2 Likes
hey bro.i can not find user for gitlab.can you help me please?
can u help me please.i can not fine user for gitlab
Did you already try with different wordlists?
hi, ive founded user with cirt*.txt wordlist from cheatsheet and hint in example
2 Likes
i use gobuster to enum http://ip:8080/ but i cannt find .bat file.can you help me please?
Are you still stuck on the gitlab question?
no i solved it.thank you brother
Hi. Can you give a hint about password for gitlab user? Ive tried a first 10000 of rockyou but nothing done
dont need to find password for gitlab.just look at gitlab section again and see how you can access information and repositories
3 Likes
And so one. Can you please give a hint for WebLogic RCE? Ive tried some of PoCs but it done nothing
did you find the password?