Luke

Opinion: too CTF-like for my taste.

Nudges: 1) When you feel like you’ve exhausted all enumeration, it’s time to figure out how to satisfy the odd one. 2) Try the only information you have (assuming you found it), but perhaps go from the /R.+/. to the /A.+/. 3) Who’s the boss? 4) Oh look, another one! 5) Many ways, one goal.

It’s a fun machine, but as @Fugl said, it’s too CTF-like.
The hardest part is to figure out how to retrieve the credentials from the odd port. After that, just use the credentials in one of the restricted directories that you should have seen at the early stages of your enumeration. Once you’re in, just look for more passwords, and that’s enough for getting the root flag and user flag.

Pretty nice box and learnt new skills regarding SPA =]

And passwords after passwords should do it.

I wasted hours trying to find the second-to-last login screen. If you have found the mother lode of credentials and have not yet found the right place to put them, then make sure you scan port 80 using dirb, NOT gobuster. The common list will do.

Very easy and straightforward box … rooted

@Tendel10 there was no privesc, it was intended to get root directly

bach bach

Could someone send me a nudge towards the creds? I know of the various places to use them, just can’t find them anywhere.

Is the name of the machine some kind of hint? Is it a username to be used somewhere?

@hudson96 said:

Could someone send me a nudge towards the creds? I know of the various places to use them, just can’t find them anywhere.

Same situation, have you found anything?

@H0bb1t said:

@hudson96 said:

Could someone send me a nudge towards the creds? I know of the various places to use them, just can’t find them anywhere.

Same situation, have you found anything?

No still stuck :frowning:

@hudson96 said:

@H0bb1t said:

@hudson96 said:

Could someone send me a nudge towards the creds? I know of the various places to use them, just can’t find them anywhere.

Same situation, have you found anything?

No still stuck :frowning:

Try investigating that odd, seemingly pointless other service that is not quite a website, but still sort of behaves like one.

@Fugl said:

@hudson96 said:

@H0bb1t said:

@hudson96 said:

Could someone send me a nudge towards the creds? I know of the various places to use them, just can’t find them anywhere.

Same situation, have you found anything?

No still stuck :frowning:

Try investigating that odd, seemingly pointless other service that is not quite a website, but still sort of behaves like one.

But I am having some difficulty on that page about auth… failed
Can you PM me plz

Got root if you need help feel free to PM

Getting too many messages, can’t reply to everyone here. You can message me on Twitter for help; my username is vj0shii

too CTF-like box


If anyone needs help, feel free to PM :slight_smile:

I have done a similar thing in the Help machine. But here it’s a bit strange, throwing an error. That HIGH port g*****L

Okay, so till now I have a credential but don’t know where to use it. 2 login pages and one auth page, but again, I don’t know how or what to supply for login

Spoiler Removed

@avi7611 I guess I can also use Burp!
Correct me if I am wrong.