Official Ghost Discussion

Zhayr · July 14, 2024, 5:11pm

ok, thank you I will try that

G00dfish · July 14, 2024, 5:22pm

Hii Froggie . I’ve found 5, the main 2 domains in the different ports and 3 subdomains. The you need to do it mannualy or can do it with an automated tool?

FroggieDrinks · July 14, 2024, 5:25pm

You can use burp or even curl i think to find it. Im not great with that type of exploit at all and i still dont fully understand it someone had to hold my hand some with it. but will need automated to extract the goodies.

assquired · July 14, 2024, 7:00pm

The hint is to read the code when you get to the instance.

W40X · July 15, 2024, 3:15pm

W177 · July 15, 2024, 11:41pm

Anyone else making progress? I feel like I’ve exhausted every avenue of approach.

FroggieDrinks · July 16, 2024, 12:19am

Where you at. Ive gotten a foothold.

W177 · July 16, 2024, 12:24am

I’m still runnin’!

I think i’ve found a ghost admin page, but am unsure because I get 404, etc.

I’ve tried looking for content API, custom endpoints, database files (which redirect…a lot), I’ve founf the sitemap.xml (however, more rabbit holes, I believe),
I’ve followed up on the redirects, but - 404…
Tried accessing the Ghost API is failing, tried looking for hidden or bugged endpoints, exposedd config files, etc.

I’m ded. I suppose you could say…I’m a

FroggieDrinks · July 16, 2024, 12:31am

You need a actually you need 2 's for foothold.

2 subdomains are needed for foothold.
Feel free to DM me for more detailed nudges.

W177 · July 16, 2024, 12:37am

Thou must, be 'n me…I looked back through my notes and found the dayumm …Jeez…LEt’s see what happens.

bsnun · July 16, 2024, 1:24am

Where we at, boys!?

Been afk for a while… Just starting the box now to check the perspective.

W177 · July 16, 2024, 1:32am

BOO

It’s nuts in here…Just…effin’ nuts. If you need a little assistance (or at least what I can provide, ask away). I’m still pullin intel at the moment.

W177 · July 16, 2024, 1:54am

I found a shite ton of data, DNS, endpoints, one key, and still goin’…however, I gotta take a break. So it’s up to you diligent folk now.

…Kinda’ weird how SpIdErS and GhOsTs go ‘together’, ain’t it?!!
Adios, for now.

FroggieDrinks · July 16, 2024, 1:17pm

BROTHERS
we are getting a good bottom spanking with this one.

iOSEngineer · July 16, 2024, 2:07pm

gobuster will very quickly get you to a login form → it is easily cracked. From there, you will get a lot of info about users and a few directions you could take.

Maybe look for the code source repository as the next step

assquired · July 16, 2024, 3:43pm

And to make sure you actually readdd the code!

FroggieDrinks · July 16, 2024, 7:53pm

LETS GOOOO.

Im fried. This box was so frustrating.

assquired · July 16, 2024, 8:24pm

Good job!!!

FroggieDrinks · July 16, 2024, 8:31pm

Thank you my dude

Seeing the number of pwns so far its clear the Unintended path is what people are doing. The box clearly guides you to the unintended path more than the intended path. I still don’t know how to access the high value target. The unintended path completely bypasses half the box and is so much easier to follow becuase all the permissions and stuff SCREAM do this method.

bsnun · July 16, 2024, 10:16pm

AD exploiting or LOLBins!?

Topic		Replies	Views
Official Resource Discussion Machines	155	4414	November 12, 2024
Official Late Discussion Machines	296	18036	July 30, 2022
Official Flight Discussion Machines	70	5459	May 7, 2023
Official Sandworm Discussion Machines	269	10671	November 17, 2023
Official MonitorsThree Discussion Machines	147	4581	November 20, 2024

Official Ghost Discussion

Related topics