Official discussion thread for Gofer. Please do not post any spoilers or big hints.
It is already rooted.
User: The machine name is a big clue as to which way to go.
Root: If you apply reversing and play with it a bit, you will surely find the right way.
Rooted that machine. Some hints:
- User: enumeration is the key. if you put all the hints together the way becomes clear (you’ll have to look for the right exploit in the end though)
- Root: it is some easy pwn challenge, be environment-friendly
u are a legend
Yes, it feels like a hard machine lol
If there wasn’t so much stuff I got to learn from this box it would have been rated easy. It makes sense why others rooted so fast, and why I took so long to get root, but I learned a lot and that is exactly why I am here.
Tip 1. Listen to lim8en1
Tip 3. gobuster and ffuf are going to miss something, try wfuzz instead.
Tip 4. 23+who
Tip 8. Listen to lim8en1
I’have a question… I found a subdomain with 401 but i can’t see nothing. Curl don’t work. Any idea? I’m stuck in this part… Thanks
Try other req method tho.
Is it a problem with the request method? I’m trying to access the website, but it requires a password
no thats intended
i am not sure you did this on purpose or not but there is a huge or i can say the clear way to root this machine in your message. Smart i give you that
found a subdomain but can’t figure out the creds, can anyone help with that ??
Any tips on finding this subdomain? Having no luck with gobuster dns.
I have my payload ready I think, just struggling to work out how to bounce it haha
I think I am missing something.
Everything in the post is intentional.
Any root hint?