Endgame RPG

I have started doing RPG and need some help.Anyone else doing these labs now?

Started it yesternight, but didn’t see anything interesting, yet. The attack surface is pretty narrow, and I somewhat doubt that we are supposed to brute-force the login :smiley:

Yes i am also getting my brain fucked there…
But i don’t think there should be bruteforce because of the reputation level of these labs but who knows.

I will probably have to stretch my (sometimes lousy) enum skills to get anywhere on this :smiley:

I got into the web ui today. That was nice.

That is awesome, at least tell us does it require bruteforce ? (probably not)

finally found creds to Artifactory, my advice with a good point from @bkr32 - there’s a REST API for Artifactory, check it, get potential user list and try some passwords. Case in username matters!
hopefully not spoiling to much :slight_smile:

No, nothing yet, but we’ll get it.

4 flags into this beast. 2 more to go!

Just wrapped up the last flag. A great experience, probably the hardest endgame so far. Definitely learned a few new things here.

Same, also just finished the Endgame, it was so hard. Worth it.

Any help with first flag?

Type your comment> @th3d00msl4y3r said:

Any help with first flag?

tried all set of possible top 100, cewl, default
nothing so far wut about u?

Should I crack the account of *Tho**son?, I am missing the last 2 flags :frowning:
I am self-reponding, yes. Finally finished, some very hard part. The last flag is the easiest, I think.

Type your comment

guys i need help for the third flag, can someone contact me in pm please

can anyone vote for the reset of RPG (edge-eu-endgame-vip-1)?

Can anybody help me with initials creds? I tried usernames from docs and tried to grab all words with cewl but nothing works. Tried to guess it but it didn’t work neither.

Anyone open to offering some help?

I just started the lab. Done a fair amount of enum so far but failing to find any creds for the obvious login on the .18 box. Without brute forcing I’ve tried all the names I can find easily on the various pages with combo’s of common passwords but have still not managed to authenticate. Fuzzing hasn’t produced much. Intercepting with Burp doesn’t give anything obvious away to me.

At this point I’m not even sure if the login page is the right direction. Any tips would be greatly appreciated!