As a general rule for bruteforcing things, don’t just use stock word lists. Keep a tailored one for your target. When you find something on your target, add it to your list. e.g. If you find a user account, add it to your user word list.
I have a problem with s**o
May I please have a hint? Or better, discuss…
@smjogi said:
I have a problem with s**o
May I please have a hint? Or better, discuss…
enumerate more
There is a linux command that will help you a lot to figure out what is going on.
Just when you think you have it and then nope.
I have a question that people who got root access to the Mischief box will understand.
Do I need to know password of [SPOILER] user?
[SPOILER DELETE]
is a 127.0.0.1-only bound port relevant to getting user?
Got user (FINALLY). What a ride so far!
This box really gets you back to the fundamentals of enumeration and then some.
r00ted. Sneaky machine, really sneaky. Enjoyed it all the way up to user, root was kind of lame in my opinion.
P.M. me if you need any nudges.
I’m stuck at a protected web page with 2 creds on the page; tried to bruteforce with those creds, none are working. Found 2 tcp and udp. Can anyone shed some light on what’s the next step?
Thank you
@kecebong said:
I’m stuck at a protected web page with 2 creds on the page; tried to bruteforce with those creds, none are working. Found 2 tcp and udp. Can anyone shed some light on what’s the next step?
Thank you
Enumerate!
@pzylence said:
@kecebong said:
I’m stuck at a protected web page with 2 creds on the page; tried to bruteforce with those creds, none are working. Found 2 tcp and udp. Can anyone shed some light on what’s the next step?
Thank you
Enumerate!
Thanks, got the 2nd login page; sqli and hydra, none are working. Am I on the correct path or in a rabbit hole?
I’ve enumerated with gobuster and dirb using the dirbuster list but am not finding anything after getting into the first login… can anyone send a hint?
Rooted this box, great box
Hi all,
I need some help, I am stuck on this box. I have found 02 creds and logged in on the web; the creds don’t work on ssh. I already found the highest udp port and I have seen another web service running on . I think there was a relation between a udp port and the web server. I don’t know what.
Please help me, I am stuck.
Hi all! I’ve found 3 ports, 2 creds. 1 leads me to the index page. Dirb gives me nothing but the index page. I’m out of ideas! This box is an illusion.
Tried a bunch of combinations with Burp Suite Intruder on the second login page… don’t know how to proceed
@christo said:
Tried a bunch of combinations with Burp Suite Intruder on the second login page… don’t know how to proceed
back to basics, marty!