Luke

Anyone can help? Got creds from con***.p**, found 3 login pages. Also found /lon, /us*/ad*** on 3*** p***. Lastly, I do have that file from ft*.
Oh and I do know, that a*** to*** uses JWT, but that is not helping. Can someone PM me?

I got root, PM if you need help :slight_smile:

where to put the creds… hmm

Finally rooted this box. These are my thoughts.

USER

  1. Enumerate the web directories using anything but gobuster. Be recursive if you must.
  2. When you get your first creds, play around with the username. Alias for root is what?
  3. Some people used curl; I use Postman because I was already comfortable with it.
  4. When you get all 4 creds, remember who is the admin. If you did your port 80 enumeration well enough, you would already know where to use the creds.
  5. Once you have dashboard access. Well you already know what to do.

ROOT

  1. Is there any privesc on this box? I wonder…

I got admin credentials from /u****/a*** from port 3*. I also got a list from /u****. I tried a combination of the two findings on port 8000 as well as on the regular port in /manant and /lo**.p**. However, nothing seems to work. Please tell me if I am missing something.
Edit: finally rooted. Hint: there is something other than A#### on port 3*.

Still struggling to find any credentials. Are you using special wordlists or extensions for enumeration? Found a lot of /u**** directories on 3*** but no files…

No, there is no special wordlist … you have to get the token from port 3

@heartbeathack said:

No, there is no special wordlist … you have to get the token from port 3

I know that, but I don’t know where to look. I enumerated all directories and could not find any files : /

Pls, where did you get the credentials to create the token? I looked in every subdirectory for any files like .txt .dat .db etc. I already used big wordlists.

I need a guide for the right path.
I think that I’ve done the initial steps but I’m now stuck.
Found the 4 creds from 3*** using c*** but now I’m not able to use them.
I’ve found: m****t (and here I can log in, but it appears to be useless (?)).
Plus L i*.p and A*i (in both of them I can’t log in).
I’m assuming that job on 3 is done and I can ignore it now after creds.
Feel free to PM me.

EDIT: got user, forgot to look in a simple file :wink:

EDIT_2: got root too, natural consequence

@KnightyLion said:

I need a guide for the right path.
I think that I’ve done the initial steps but I’m now stuck.
Found the 4 creds from 3*** using c*** but now I’m not able to use them.
I’ve found: m****t (and here I can log in, but it appears to be useless (?)).
Plus L i*.p and A*i (in both of them I can’t log in).
I’m assuming that job on 3 is done and I can ignore it now after creds.
Feel free to PM me.
ty <3

Same problem here. I am wondering if there’s yet another login page somewhere that I’m missing…

Hint: just do more enumeration if you find 4 creds from 3*** and use the creds

Completed it. It was a fun box. If you need any help, PM me.

Rooted - if you need help PM

@Malone5923 gives an excellent list of hints; follow those and you should get root.

Finally got root! If you are stuck… feel free to PM me, as you might be making the huge mistake with the J*T requests and where to send them, as I was.

Rooted. Thanks to @heartbeathack for pointing me in the right direction. Much appreciated, buddy!

Just got user and rooted, thanks to @Shikata for the little push. Feel free to PM me for help.

I’m a bit stuck! I have found the credentials, but now I end up with a directory list with three pages, one of which is login, but here the credentials don’t seem to work. I really have no idea where I can look further.

So I would like a hint in the right direction, please share the steps I have done

EDIT: Finally rooted. With special thanks to @Impulse for clearing my blind spot. If I can help somebody, let me know.

Can anyone lend me a hand?
I’ve found db creds but not sure what to do with them. Maybe a rabbit hole?
I’ve enumerated everything (I think?) and found the /mt and c.p.
Can’t find the 4 users people are talking about on 3.

Whenever I try to use curl I get “Unexpected token # in JSON at position 0”.