Official Gofer Discussion

Official discussion thread for Gofer. Please do not post any spoilers or big hints.

GLHF :slight_smile:

1 Like


machine UN-responsive…

same :slight_smile:

It is already rooted.
User: The machine name is a big clue as to which way to go.
Root: If you apply reversing and play with it a bit, you will surely find the right way.

1 Like

Rooted that machine. Some hints:

  • User: enumeration is the key. if you put all the hints together the way becomes clear (you’ll have to look for the right exploit in the end though)
  • Root: it is some easy pwn challenge, be environment-friendly :wink:

u are a legend

Yes, it feels like a hard machine lol

If there wasn’t so much stuff I got to learn from this box it would have been rated easy. It makes sense why others rooted so fast, and why I took so long to get root, but I learned a lot and that is exactly why I am here.

Tip 1. Listen to lim8en1
Tip 3. gobuster and ffuf are going to miss something, try wfuzz instead.
Tip 4. 23+who
Tip 8. Listen to lim8en1


I’have a question… I found a subdomain with 401 but i can’t see nothing. Curl don’t work. Any idea? I’m stuck in this part… Thanks

Try other req method tho.


Is it a problem with the request method? I’m trying to access the website, but it requires a password

no thats intended

i am not sure you did this on purpose or not but there is a huge or i can say the clear way to root this machine in your message. Smart i give you that

found a subdomain but can’t figure out the creds, can anyone help with that ??

Any tips on finding this subdomain? Having no luck with gobuster dns.

I have my payload ready I think, just struggling to work out how to bounce it haha

Me too.

I think I am missing something. :frowning:

Everything in the post is intentional.

1 Like

Any root hint?