Luke

HTB Content Machines
444

So stuck… please could you PM me some guidance with C*** on 3****

445

Type your comment> @Noctem777 said:

So stuck… please could you PM me some guidance with C*** on 3****

NVM i got it :slight_smile: so making progress

446

Type your comment> @MasterPitt said:

I have found c********** from c*****.*** and i found login entry /l****.*** and /m********* on the port 8* i already tried to get some t***** at port 3*** but nothing is working can someone hint me if i missed something

Same here.

447

Once you get over the enumeration hurdle the rest of the box is quite fun. There are a few dead ends but you figure them out quite quickly. You will acquire many sets of credentials so there is a good opportunity for brushing up on your hydra skills - do not neglect default usernames.

448

Feel free to PM me for a nudge when you get stuck. There are lots of good hints here in the forum but its a lot to sort through at this point.

449

how do I find the creds please help im new. i can’t find a way to exploit node.js since there are no cookies

450

Type your comment

451

Any hints after /m*********/l****.*** and the json file. No idéa what to do really.

Tried the logins from json at 8*** but it dosen’t work.

452

Wow, tried 100 times last night with the same credentials. Worked now. Don’t know what I did wrong. Rooted

A bit too ctf-like box.

453

Completely stumped on this box. I’ve enumerated the five open ports and found the two login pages and authorization page as well as the the db username and password but have no idea where to enter them. With all the other hints about port 3*** I’ve researched the service on it but still have no idea what to do with it. Any help would be much appreciated, feel free to pm me

454

Page 5 has your hint

455

Hi Guys. fairly new here. finally got it.
Took me a couple of hours. I know JWT quite well use it regularly in my projects.

Without giving away it was the “guessing” that took me the longest.

456

yo where tf do I use the credentials after getting it from the auth???

457

which crdes do i need to use to authenticate to 3*** port, i am using creds i found in c*****.php file , but whatever is use i get “forbidden” in curl , pls help i m stuck

458

The medium hint helped quite a bit, and you might want to try dirbuster and such on the 3 port. If you go the c*** route, consider where you’re sending your requests.

and for those who want reverse shell, i recommend pentestmonkey:
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

rooted :slight_smile:

459

Rooted.
PM if you need help, online for a few hours.

460

Managed to get the creds and tried in all the login portal and other services login but I am not proceeding further.
Any hint would be highly appreciated ?

461

Think I’ve managed to get what’s needed from the 3 port. Am trying to use what I found elsewhere but not having much luck. Would appreciate any nudges onwards.

Edit: Now rooted :slight_smile:

462

Can I get somebody to just confirm or otherwise that my c*** foo is on the right track? I’m getting nothing but ‘forbidden’. Is this bad creds or bad syntax? Mucho Gracias… :wink:

Edit: Disregard. bad copy 'n paste… i feel like a complete numpty… Ok! Onwards! :smiley:

463

Rooted. Learned much about THAT port. As usual, PM for hints.