Attacking Common Applications - Skills Assessment II

Any clues on how to get the Nagios users password. Brute forcing is giving nothing so far and cant find any readable directories or anything. Any hints would be appreciated


It’s OK I found it…:slight_smile:

Could you give a hint? Thanks

I’ve tried defaults and brute force and nothing



1 Like

is the vhost also in gitlab? I’ve found the password, but not the vhost/url to access the application?

The question states that gitlab is the vhost you need to use…if you can’t reach it, it’s probably your hosts file that’s the problem

I can access the gitlab, I couldn’t find the third vhost where nagios is running.

Ah OK sorry I misunderstood…you cracked it now though right?

I managed to get the reverse shell and the flag for the last question, but I am struggling with URL.
Tried all variations, but it is hard when you don’t know the format they are expecting.

I’ve got the answer, but it seems the answer format it should be stated as the answer varied. anyways. Merry xmas all

1 Like

Me too, how you figured out?

How did you guys get the script “” working , please?