Luke

I can’t get the token. I tried the c*** command using the ** credentials and event changed the default use**** but i get the “Please auth” response. If anywant wants to give me a hint please feel free to pm me.

Anyone can pm me? I cant find anything with dirb/uster, i only have a txt in port 21

Forgive me for im a noob, I have the a*** t**** but im not sure how to use it …can someone plz help me with that

Have a password and logins from 3*** port, tried all login pages, but nothing is worked. Please PM me with a hint
UPD:
GOT ROOT
My hints:
enum,enum and enum
P.S Try to think off the URL in 3*** port

P.M me, if you stuck

Thx @Gn0m3h4ck3r for all. This was quite easy and I didn’t know why haven’t I thought about that…

Did someone ruin the box or why was root super easy? If someone could DM me and I will tell you how I got root, would be nice. Thanks!

I don think the machine is borked, been on it for three days now and it seems to be ok.

per all the comments it sounds like root was easier to get first, though I still havent got there. I’m either missing one more pair or part of some creds, or the right login page to use them. any hints welcome, learned a bunch so far.

Rooted! Fun box, hit me up dor help and hints

Got my creds, trying to use them, but getting lots of Bad Requests. Gonna play around for a while - any suggestions as to what correct parameters might be?

Any idea what i do withe the users and the password from 3*** ?

rooted, thanks to @Raven37 for help

Okay, I got the token from the 3*** port, but I am stuck now, because after the "W****** A**** message I cant do anything here… Pls help

Have all the creds from 3*** - enumerated again. but don’t know where to use these. have 2 login portals 8*** and 8*.
Am I missing something on enumeration? Any hint would be nice :slight_smile: Thanks in advance.

EDIT: Rooted. I think someone changed the password of the root user :frowning: … But i had to enumerate once more to find the third l**** page. wasted a lot of time until someone reset the machine.
Learned a lot - good machine. :slight_smile:

Can someone pls dm me abt the C*** syntax…I am stuck in that for ages.

Edited: C*** worked

But got only 4users, no pass

Tried this combo with the pass which I got from c*****.***, not working.

Am i missing something ?

Edited: Rooted finally :wink:

Finnaly got it rooted. Thanks to everyone who was kind helping me. PM if you need some hints

frustratingly fun for this noob(me), but I finally got it. Learned plenty along the way, not to mention the extra emphasis on thorough enumeration. Thank you to all who provided hints in this thread and to the maker of the box. Also a big shout out to @coryshawty for helping me with some nudges, and @StalkerAlex as well.

on to the next one!

Hi everyone! I try to give you an advise:

User:
Enumerate all ports, try to get all information as possible. Get cred?
Try to figure out, how 3*** works. Here I get you a clue “A guide for adding JWT token-based authentication to your single page Node.js applications | by Naren Yellavula | Dev bits | Medium
Find the way to enumerate that port. Get more creds?
One cred is useful for other port. Did you a right enumeration for all ports? prove it.
Here you will find more creds.
Now It is time for high port login
Root: it is pretty obvious

I hope I helped :smile:

need some hints on luke…i got the user list but where to find the password

Type your comment> @jordan1986 said:

need some hints on luke…i got the user list but where to find the password

Use those users in the same way you found them

Stuck in Enumeration, used dirb, dirbuster, common txt. nothing. Any special settings am I missing?