Do you need the username/password to get the auth token?
Once again, after a brief review of the machine, I saw the benefits of reading the comments here at forum. Comments by @anonymous187 will help, especially.
Very CTF-like box and it doesn’t even take 2 hours to reach the flags, if you know how WEB pentesting works.
I can do my best for those who need help. (But please tell me what you have found so far in the message, before asking for help.)
Good box.
Nice. More of a lesson in enumeration than anything. That’s all you need to root this box. PM if you need help.
Type your comment> @anonymous187 said:
Let me try to hint you guys as much as i can without spoiling
1- We all have to respect the old and knock at their old door, they give wise words
2- Enumeration is the best way to get in and reveal things so enumerate all services and ports
3- When you enumerate EVERYTHING and collected all information (Uns , cls, LI* pages), time to go to the playground and get some tokens
4- cURL will help you buy your playground tokens (but dont forget to give it the cls)
5- You got the tokens??? YAAAAAY it’s time to play. I mean play with the Request header and the enumerated directories, this will allow you to win prizes =D
6- Use the prizes and different combinations with the founded LI* pages so you can get the Grand Prize
7- What do you want more, you got the Grand Prize !!! Highest prize = Highest port (if you know what i mean)
8- That’s about it, you went to play, you got the prizes, went inside the highest port, time to go HOME =DI would like to thank @BapaH for his assistance
I am struggling with 5 and 6. Not finding the second half of the combo, busting down more doors now. Found /U and /L at 3k but that’s it.
Finally realized my mistake thanks to @tykz and @mogyub and their simple but perfect hints. If anyone else is struggling where I was just stay where you are and build on what you have by hand. Great box, learned a ton about authentication.
Is their someone I can PM? I have been stuck on the c**l method and not educated enough on it to know if i am doing it correctly or not. FYI followed medium post…
I have the token, I am able to get it to fall under the correct syntax from the medium post, but yet when I send the token request i get a Token is not valid… Im lost if someone can help
Edit: Got root. Pretty fun box. PM me if you need help.
I have creds which i get from port 3*** now how i use that creds please help me ???
Edit : Finally rooted thanks to everyone who help me specially @GibParadox
Hello,can someone help me…
Got it! ■■■! I was blind at first, but when I realized what is going on (i missed one login page!) it was piece of cake. Enumerate, enumerate, enumerate!
I stuck, I don’t know how to use user and pass correctly on port 3000
Rooted the box 
Still interested in knowing if its possible to get a reverse shell or owning the box through other means. PM if you know how to root the box through other means, always looking to learn!
I got the creds from 3k but not working on any login page 
@cinereus : You’re probably missing a login page. Are you using gobuster?
Just rooted the server. Drove home the point about enumerating and it has improved my methodology for that, as well as showing me a different type of authentication tokens I wasn’t aware of. I do wish it had an escalation though.
@hostilenode Using dirb and dirbuster, I’ve found 3 login pages not sure if i’m missing one? And yea It was fun looking at the token stuff I sort of got lucky guessing a path for that as well…
Luke: ctf-like. -.-
PM me if you need help.
I got users name and role from the odd port. Now trying them on the highest port, but nothing seems to work. Please someone help or provide a nudge.
Type your comment> @FlewManChew said:
feels like i’m going in circles with this box…
i have got a gang of user creds but they dont seem to work anywhere…
and there is at least 3 spots to enter them…i could use a little help… plz p.m. me
edit * rooted thanks mogyub!
Stuck in the same loophole.