Rooted… Actually it’s a shame to even say that, but don’t bother about “rooting” the machine, the only quest is user, and a certain “MEDIUM” blog will get you what you need to get “certain access”. Remember 3000 is not only a “MARVEL” but a necessity!
Getting a bit stuck here. I’m on the second highest port part, I’m using C*** but I can’t get the token. When I try to use the Medium article (if I’m using the right one) I get an error ‘Invalid numeric literal at line 1, column 10’; if I try to force my own crafted token in, it tells me ‘Token is not valid’. I’m seriously banging my head against a wall here. Any help would be appreciated.
Yes!! Rooted this one
Wowzers on the rabbit holes! Got root and user. I enjoyed the JWT aspect because that ended up being a major hole in my game but the fact that I didn’t need priv escalation as other users have mentioned was a bit disappointing. Good box! Lessons learned!
@hacksack07 said:
Getting a bit stuck here. I’m on the second highest port part, I’m using C*** but I can’t get the token. When I try to use the Medium article (if I’m using the right one) I get an error ‘Invalid numeric literal at line 1, column 10’; if I try to force my own crafted token in, it tells me ‘Token is not valid’. I’m seriously banging my head against a wall here. Any help would be appreciated.
Rooted. Phew, that was an effort. Thanks so much to @Mava and @Godzkid, and also thanks to @Illuminatiguy for the offer but not needed now. On to the next machine.
@hacksack07 wow thanks for mentioning
If you believe I have helped you, please give me respect on my profile,
and congrats, you rooted it finally.
Hi, I have managed to get all the creds from dbinfo plus all the creds from curl, but I can’t seem to use any of them to get into this ■■■■■■ machine! Can someone lend a hand please?
@Dreadless said:
Hi, I have managed to get all the creds from dbinfo plus all the creds from curl, but I can’t seem to use any of them to get into this ■■■■■■ machine! Can someone lend a hand please?
Did you find all the loginpageS on 80?
Hi I’ve rooted the box through 8*** F******** T******.
I was just trying, for the fun of it, to get a shell running through NC to my own terminal, but I failed to find out how to do this. Can someone give me some help on how to do this? Just for learning purposes, because I already got the root flag.
thx
@bakemonozero1 said:
@Dreadless said:
Hi, I have managed to get all the creds from dbinfo plus all the creds from curl, but I can’t seem to use any of them to get into this ■■■■■■ machine! Can someone lend a hand please?
Did you find all the loginpageS on 80?
Now I’m thinking I haven’t… will re-scan!
@bakemonozero1 said:
@Dreadless said:
Hi, I have managed to get all the creds from dbinfo plus all the creds from curl, but I can’t seem to use any of them to get into this ■■■■■■ machine! Can someone lend a hand please?
Did you find all the loginpageS on 80?
All I find is a CSS file. Nowhere to actually log in. Unless I am missing something.
@Dreadless said:
@bakemonozero1 said:
@Dreadless said:
Hi, I have managed to get all the creds from dbinfo plus all the creds from curl, but I can’t seem to use any of them to get into this ■■■■■■ machine! Can someone lend a hand please?
Did you find all the loginpageS on 80?
All I find is a CSS file. Nowhere to actually log in. Unless I am missing something.
Some dirsearchers don’t pay attention to 401 responses; try using dirb with the big filelist.
Hi,
Any special wordlist to use when using dirbuster/dirsearch? Been at it for a while now, with no tokens or users being discovered.
@bakemonozero1 said:
@Dreadless said:
@bakemonozero1 said:
@Dreadless said:
Hi, I have managed to get all the creds from dbinfo plus all the creds from curl, but I can’t seem to use any of them to get into this ■■■■■■ machine! Can someone lend a hand please?
Did you find all the loginpageS on 80?
All I find is a CSS file. Nowhere to actually log in. Unless I am missing something.
Some dirsearchers don’t pay attention to 401 responses; try using dirb with the big filelist.
Thank you, I got root and user! Was a pain to log in, but when I found it, it was obvious lol. Big list was a great help!
ROOOTED!
Thx @illuminatiguy helped me to realize I was using a stupid -s flag killing my c**l output for the token!
Once I got the token I had already enumerated enough to get everything without problems…
Honestly this machine shouldn’t be 30 points.
If you need help, PM me.
Have spent the better part of the searching for everything you guys mentioned here but no closer to getting anywhere?
Anyone willing to PM me a lifeline?
Can somebody PM me to give me a hint?
Got the DB cred and several Login pages.
Don’t know what to “play” with the auth on port 3000.
Read the Medium article, but I don’t know how to make this command sequence work.
Can someone PM me? {"success":false,"message":"Token is not valid"}, getting this error when following the Medium guide. Just want to confirm syntax.
I got the creds and know where to use them, but still not able to authorize, is someone facing the same issue??
Edit: just reset the box and it got fixed.
Finally rooted