CTF - Machine

Has anyone researched the site development framework? Not sure if this is a rabbit hole. Edit: this was irrelevant.

@3mrgnc3 said:

hydra seems to work if you limit it to a single thread. Not found anything yet but it's not getting blocked. Same goes for sqlmap… Working slowly.

These are just standard testing procedures I'm going through and may not be the way in, in this case.

Yeah, if I throttle Burp I can get the same. But not finding anything. I'll keep on plugging away. Was wondering if there is another method…

@Barn3y said:

@3mrgnc3 said:

hydra seems to work if you limit it to a single thread. Not found anything yet but it's not getting blocked. Same goes for sqlmap… Working slowly.

These are just standard testing procedures I'm going through and may not be the way in, in this case.

Yeah, if I throttle Burp I can get the same. But not finding anything. I'll keep on plugging away. Was wondering if there is another method…

It's worth mentioning, like someone else did, that you don't have to brute to get the user. Not too sure how to say much else without spoiling.

Same, but using Zap with a couple of user lists and a custom wordlist from the app. See one little hint in comments, off to look at the code…

Edit: OOOOOOOOoooooohhhh… following the obvious clues (hindsight) now I understand what makes this a CTF… now have to convert that understanding into something useful…

Edit: you don't HAVE to brute if you do some unconventional OSINT, but if you do, don't make a typo and waste 4 hours like I did.

Edit2: ■■■ I facepalmed, this could have been done in 2 min

@daddycocoaman said:
Dropping this here for folks:

There is a possibility that the OTP may not work when you submit even though you know you have the right values configured. There’s a command line switch to fix that. :slight_smile:

Do you mind if I PM you? I think I know what you're talking about but I just wanna be sure.


Hi All, I don’t suppose anyone has any useful hints or tips? I cannot even perform fuzzing with delays without either getting banned or getting socket errors.

As far as I can tell, CTF stands for Compressed Token Format and not Capture The Flag.

Yes, that was my revelation re meaning of CTF and that revelation seems to be helping people. I am told that Google is in fact your friend for understanding the machinery and I have found a relevant tool on kali. …

Update: figured out the next part. It really is kinda logical and analogous to what we’ve done elsewhere. This step is both tedious and cool at the same time.

progress then - haha. :slight_smile:

Um, 12 system owns. Challenging box, maybe some hints from the creator are needed? :slight_smile:

Passed the login, next part has me stumped.

This is the second forum where people are acting like kids. Can the Admin do something about this? I'm here to learn, not to listen to kids fight back and forth… @Arrexel

@Aust1n said:
Passed the login, next part has me stumped.

Same!

Finally got some time to myself, looking at the next part after login now… hmmmmmm…

Oh by the way, I’ve been trying out Zap because its UI is a little sexier than Burp’s, but I’ve decided I like Burp better for almost everything except fuzzing with large files.

Edit: got user and a shell, that wasn’t so bad. Did get a few pointers along the way but logic-ed my way through a lot of it. Along the way I facepalmed so hard about that first username… I understand now how it could have only taken a really experienced hacker an hour or less.

Exfil’ed a really good sample code file along the way.

Root is supposed to be another brainf***

Loved your creation @0xEA31. Great learning path for me. Though I'm still in progress, it's a brainstorming puzzle which really keeps me close to solving it.

Edit: Rooted :slight_smile:

So you need to find the token value to be able to login?
Or is something else needed?

@w31rd0 said:
So you need to find the token value to be able to login?
Or is something else needed?

Yes

Yes to both @w31rd0

As for root, no idea how to even approach this. All my privesc tools are turning up dry. Maybe look again at what we’ve been attacking.

Do you need to find the token string in order to generate the OTPs?