Luke

Rooted. Learned much about THAT port. As usual, PM for hints.

Rooted.
PM me for hints.

rooted w/o DMs. so happy. i have zero knowledge on n* frameworks. i learned a lot from this box.

my take on this machine.

  1. all searchers i’ve used so far are the same. it’s just that when i use gobuster, i always have this flag -s “default_status_codes,including 4xx”

  2. port 3* is the most challenging part. i have no knowledge of how to attack. yes i’ve read the medium posts, searched google, but i always mix things up. until then when i almost gave up, i’ve read the word “Forbidden”. It hit me hard to play more on my c*** syntax then got a*** t****.

  3. now another problem, how to use what i got on #2? the reason why i always fail on #2 is that i’m sticking to the request method “needed” for #3. went back again to the medium post and submitted what i got on #2 not as a d*** then got user creds.

  4. tried to use the creds against /m*…t and my initial password nothing works. went back to port 3. carefully crafting my URL still with the embedded a*** t****, i went places. i got more login creds.

  5. i tried the login creds i got to /m*…*t and saw a file. read it and got me user and root.

i did not go reverse shelling but i’ll try maybe next time.

if spoiler i’m so sorry HTB.

Guys and gals, just to save you some time (as others have already suggested), if you copy paste something check the syntax before allowing your mind to drift into a rabbit hole :slight_smile: C**l part is simple but needs to be syntactically correct. Happy hacking y’all

Rooted :slight_smile:

Excellent box, pure enumeration

Nudge for root?

Finally rooted. A big thx to @tang0 for assisting with the creds.

Finally root, was a pain :cry:

User: The usernames that you got in 3*** are case sensitive, I lost a lot of time because of this. =(
Root: Once you get user.txt you get root.txt, there is no extra work.

hi, i’m pretty new, I need a very big help, could someone please write me in PM? THX

hi guys, i need some help! after i found some credentials in the p.p files… i have a problem using curl to get the token. any clue? thanks

Spoiler Removed

Hey fellas, I am having some problems with the c***.
It should be easy according to everybody else but I am missing something.

Tried different aliases for username as suggested by others
Tried probably every possible variation of the syntax on the medium page combined with the c****.*** info

but I always get bad request. without the fancy payload bits I get please auth response. so I should be doing something wrong there. Could you help a newb out?

Edit: user and root owned, many thanks to @n1tr0u5 and @vGsec

I had to step away from this one for a day and come back to it; I got root! I internally facepalmed when I finally figured out what I was stuck on. Fun machine!

Ugh… not sure you can blame headaches just on enumeration, it’s a bit sneaky beaky and it is a bit of a dance between things you can login to.

Rooted! Completely overthought this one. Take your time, take notes, and copy (don’t transcribe) any usernames/passwords you find. PM me for hints.

FINALLY ROOTED! Once I got the c*** stuff sorted that was easy (although I was frustrated for about half an hour figuring out where to put what after that as well)

@grobister said:

Hi Guys. fairly new here. finally got it.
Took me a couple of hours. I know JWT quite well, use it regularly in my projects.

Without giving it away, it was the “guessing” that took me the longest.

Yep, guessing took up 2 hours of “enumeration”. Rooting took like 10 mins. Not sure how I feel about the box but it was interesting enough I guess.

@oannes said:
Hey fellas, I am having some problems with the c***.
It should be easy according to everybody else but I am missing something.

Tried different aliases for username as suggested by others
Tried probably every possible variation of the syntax on the medium page combined with the c****.*** info

but I always get bad request. without the fancy payload bits I get please auth response. so I should be doing something wrong there. Could you help a newb out?

Bad request means your c*** request has errors. Once you get forbidden you can start guessing.

Done and dusted.
Thanks to @ilezu’s post on page 14. Why did I think it was only a folder?