I’m stuck with this otp… which app should I use to import the backup?
Will anyone please help me regarding the file reverse? I got some errors while running the reverse code.
Uncipher code is very similar to cipher code, you only need to replace the Encryptor with a Decryptor, change the mode for the files and swap the read and write operations. The “hard” part is to find the initial value for the random. UPDATE: If the key is invalid, the uncipher will fail, maybe that’s the errors you have.
I am also stuck on the otp. I am not sure if we are supposed to bypass it using a web vuln or use the info we found before to legitimately find a code. The second option seems complicated (a lot of crypto)
ffuf + 2fa.req
Sometimes OTP isn’t needed.
Go the easy way.
Use KeePass
try file <decrypted.file>
on your Linux box
It should be some well-known type of file
Anybody here already got System? Hanging in the air with this. On User I might be able to give some hints
do I need to decrypt Authenticator backup codes
or 6-digit wfuzz
Able to execute commands but not able to get shell as antivirus blocks me. Any hint regarding this?
There are some places in Windows where you can always put stuff… I’m pretty sure a cat will find it nice there. And if you call her with a cmd she will call for you
It’s not difficult with rockyou, but you will spend time researching the authenticator source code.
I don’t search for authenticator source code
I’m searching for decrypting
info from the keypass .kdbx ==> note { ***:{encrypted:true, “hash”:"61}
nothing of this…
thanks
I’m using ffuf -request -http2
but it doesn’t find the six-digit pass
Finally rooted that box, a big thanks to @PinkIsntWell, @evilByt3, and Xsploit2 (aka SomeOneGood) for helping me out. The box is very nice, for PE it is hard to find the right tools but once you find them the way is pretty straightforward. User is long & hard with a lot of problems to solve.
Overall it was a valuable learning experience
And another hint for the root: check your groups - that is the way.
Any luck? I crunched all combinations of 6 digits, and used ffuf for the bruteforcing, but can’t find the right one.
Edit: don’t worry, eventually got it, all headers need to be included, can dump the req from Burp then pass to ffuf
Someone receives this message
Cleanup in Progress - Teamcity
When he fuzzes on the 6-digit code
Passed the 2FA, but stuck on TeamCity.
Maybe need Higher Permission?
You already have the permission you need.