Official Ghost Discussion

There are two websites, one of them is a login.

My box took a while to load the second domain, although the port showed up on RustScan. Just grab a drink and it should fix itself. I think the box takes time to 'WAKE' up.

1 Like

I got some helpful info by using the API but not sure if it's useful lmaooo. I'm gonna take a step back; sometimes that helps when you're so tunneled on one thing.

1 Like

I'm hitting walls left and right!
Maybe some SAML token manipulation or injection?

Anyone else having a lot of trouble with enum? Everything is so slow ): Highest I have gotten on fuzzing is 20 requests a second ):

There is a very very specific way to get around this. Not sure what part you're at but it is intended.

1 Like

Isn't there an option to only allow X threads per second?

I'm pretty sure it's rate limited on purpose.

FYI, if you do try to fuzz a certain something you can lock the box out and have to reset. Know from experience :slight_smile:

1 Like

There are three websites. But did you find the other login page in the subdomain? I think that's another rabbit hole. I've also been trying to do enumeration but it keeps giving me an error waiting for headers with gobuster. I tried with the option -t for threads but with no luck.

Has anyone else tried some sort of SAML manipulation? I've been beating this keyboard like it owes me money, and nothin'! Any leads?

Ngl there's more than three. :sob:

1 Like

How do you manage to do the enum? I see that it's rate limiting, and no matter if I upscale the threads or increase the timeout, it keeps failing.

GOOD LORD. How many subdomains / logins does this thing have :frog: HELP! Lol

4 Likes

I'm getting a ton of redirection, failures, logins, etc.
I found some new XMLs but my eye holes can't stay open!!

Welp, I'm tappin' out for now.
Good luck, if you drive forward! :sleeping_bed:t2: :zzz:

1 Like

Everyone being quiet on this box :slight_smile: Lol

Time to get back at it baby!

1 Like

Any hint? I have been enumerating and testing everything but 0% progress :smiling_face_with_tear:

Not sure on the true path but I've found something with the aid of someone else related to a subdomain login.

It involves :man_with_probing_cane: :syringe:. It works but takes some good working knowledge of that exploit to get it.

You found more than 1 login page?

Yes, I've found 3. 1 is on a different port. The other 2 are on the normal one.

It takes a while because the box is rate limited. But your FFUF should find them eventually, it just takes forever. You can't increase threads on your FFUF because it will cause errors and skip over some of the words. Anytime I tried to increase my rate it would error and time out. But if I run at the normal 40 threads slowly it works consistently.

There's 2 subdomains for sure I've found are required.