Luke

I’m completely stuck on the c*** syntax to **** 3***, not sure what I’m doing wrong. I have the password but keep getting error messages, if someone can PM me some guidance I would greatly appreciate it.

edit

big props to @0x00f for nudging me in the right direction…hint for all those stuck on c*** portion…enumerate/enumerate/enumerate…

I’m a total noob so I’m really stuck. Any nudge in the right direction would really help me out.

@stabilni said:

> I’m completely stuck on the c*** syntax to **** 3***, not sure what I’m doing wrong. I have the password but keep getting error messages, if someone can PM me some guidance I would greatly appreciate it.
>
> edit
>
> big props to @0x00f for nudging me in the right direction…hint for all those stuck on c*** portion…enumerate/enumerate/enumerate…

Not a bad box, learned a lot about c*** and J***. Also realized the importance of enumeration on this box, really need to be thorough.

rooted - if anyone would like a nudge in the right direction, feel free to PM me.

Quite easy box if you have enough information, got root first <_<

# whoami
root

Guys, if you’re stuck on 3***, just find the article on Medium in this thread

Rooted!
I understand why everyone pushed towards enumerating :smiley:
Nice beginner machine for sure! My first machine owned!
Special thanks to @Arrow for the nudge and hints, really appreciate it!

Got root… After finding the correct syntax for JWT, I also got drowned in the credentials… Thanks to @feuillemorte and @Arrow

If someone needs help, I will be happy to help.

I cannot, for the life of me, get the correct syntax for c***. I’ve read through the medium articles and played with it for a while, but I think I must be doing something fundamentally incorrect. If someone would mind a quick PM to get me on the right track?

First box, btw. It’s been really educational so far. I feel like I’m getting closer and closer.

@DrDrizzyT said:

> I cannot, for the life of me, get the correct syntax for c***. I’ve read through the medium articles and played with it for a while, but I think I must be doing something fundamentally incorrect. If someone would mind a quick PM to get me on the right track?
>
> First box, btw. It’s been really educational so far. I feel like I’m getting closer and closer.

Just use c*** with the right endpoint and without additional stuff. And don’t use jq -r ... if you don’t know how it really works.

I got rooted! :slight_smile: Thanks to the great man @feuillemorte.

arrrrrrrrrrgh…got tn, and auth on 3. found u***, and u****/a**** and got the relevant data. now have a bunch of usernames and a couple recovered passwords. tried all combos on all 3 login sites and no joy…

gotta be missing somethin easy… of course it’s always easy in hindsight. Lol

any help?

Daf*Q with this box? I got root even before I got user.txt no how come this is a medium box and Safe with ROP an easy box?

@frayedlife said:

> arrrrrrrrrrgh…got tn, and auth on 3. found u***, and u****/a**** and got the relevant data. now have a bunch of usernames and a couple recovered passwords. tried all combos on all 3 login sites and no joy…
>
> gotta be missing somethin easy… of course it’s always easy in hindsight. Lol
>
> any help?

We’re in the same boat :blush:
Got 5 users + pass and can’t use them anywhere.
Maybe rabbit hole…

I can’t find the URL to submit the POST to. I’m enumerating my heart out absolutely everywhere and can’t find the 4th login page.

Well, finally got user, now looking for the root :slight_smile:

And root in 5 min… PM for help.
10x to @Arrow and @bri77 and @FNGCrysis for pointing me in the right direction. Hope I’m not forgetting anyone that helped.
It was in front of me and I didn’t see it.
I took a break and it was clear!
That machine taught me some more about web app PT.
It was not easy, but after you finish you understand how it can be easy.

Rooted.

Thanks to @Blu3wolf and @feuillemorte for their help. First box attempt and it was frustrating at times. But gosh darn it, we persevered and made it happen. Thank you for the help everyone. My only tip:

…make sure you are using the correct login portal when the time comes. And don’t get tunnel vision, like me.

OK so this is quite an easy box although I must admit getting my request configured correctly to grab the t**** from 3*** took me a while as it’s not 100% obvious what creds to use (when you crack it you’ll see what I mean), but that’s how this kind of thing would be in real life I suppose.

After that though it’s plain sailing as long as you have found all of the login places and gathered all of the relevant users and creds that you can.

Oh and btw a lot of people on here mention the Medium article and the use of cURL and Postman but you can do this just fine with Burp and your fav web browser too.

I personally found User and Root text files in exactly the same way once logged in so not sure if you were supposed to follow a different path? However in conclusion this box is tricky in places and has plenty of pitfalls to navigate around before you easily get across the finish line.

■■■■ I was pulling my hair out trying to get that JWT curl command to work but a quick play around with end points and removing something that was not required returned a successful token!

Ecstatic!

Thanks @DrDrizzyT for the nudge without giving too much away. I understand why everyone was so let down by root… could have been a few ways to make that more interesting but the learning of curl for json web tokens was worth putting in the effort.

Some hints:

  1. Yes, do a heap of enumeration. I have already learnt this from ippsec videos as I have watched a LOT of his videos so this part was easy for me. I found all the directories and files first try using correct extensions which I run every time I hop onto a box. Dirbuster will find this for you straight away or you can use Gobuster and change status codes. Best thing about dirbuster though is that it is recursive.

  2. Once you have creds: same as majority of boxes, just because you have found a username to a password doesn’t mean that these two match on every part of the machine. I have found on multiple boxes that USERS are interchangeable. A common error by users in real life.

  3. Yes, read the medium article on curl jwt. Couple of decent hints already on this thread but sometimes some extra commands are not needed. It is not always best to copy word for word what is in an article. The main parts are normally correct, but addons sometimes aren’t really needed for the specific machine you are working on (especially if you don’t know what they are doing). Take this into consideration.

  4. If you have done everything successfully so far, especially with enumeration, you should know where this newly acquired token is to be used. Once you receive this first list, and then receive your first creds, have a look at your link again and then have a think. Things should fall into place.

  5. You should know what to do at this point! Quite an easy path from here.

If this is too much of a spoiler, I apologise. I tried to keep it cryptic enough with the little pointers that would have helped me throughout.

Could someone help me with the Token? pn me pls