Official Jupiter Discussion

system · June 3, 2023, 3:00pm

Official discussion thread for Jupiter. Please do not post any spoilers or big hints.

FireofGods · June 3, 2023, 7:24pm

The machine is currently really unstable, but I guess that’s expected from a release arena machine

surgeballs · June 3, 2023, 9:08pm

I am lost, there is absolutely nothing I can see on the site or from nmap that is of any use

JimShoes · June 3, 2023, 9:16pm

I can probably nudge you to the next step, but I’m not much past where you are. Feel free to DM.

UncleHoward · June 3, 2023, 10:01pm

Just append an ampersand to the end of your command so it runs in the background

Gabo · June 3, 2023, 10:06pm

Oh thank you bro!

DreamWalker · June 3, 2023, 10:41pm

I’m stucked in the login portal. can’t able to bypass. any hints?

mat0z · June 3, 2023, 11:35pm

any hint? i already enumerated the machine correctly (i think)

FireofGods · June 3, 2023, 11:45pm

Finally rooted.
This was a really nice and balanced machine that actually tested your thinking skills.
At no point did I feel like I had to make a leap of faith, which is something I can’t quite say about some of the other machines I did lately.

I think it is a bit late to give out a machine synopsis so I’ll just say that for this machine, you should do two things: enumerate and read about the technology at hand.
If you’ll do those two things, you’ll finish the machine in no time!

petrock6 · June 4, 2023, 1:08am

I can tell I am stuck riiiiiiiiiiiiiight behind getting the user flag. Any nudges on the Jupiter side of things?

caseyv · June 4, 2023, 1:15am

Can someone give me a nudge on the initial enumeration, i cannot find anything.

Nothing is coming up in the sub domain enum or directory brute force.

petrock6 · June 4, 2023, 1:20am

@caseyv You are thinking horizontally, you need to think vertically. Do much longer enumeration.

caseyv · June 4, 2023, 1:22am

hmmmmmmm

angel · June 4, 2023, 1:35am

Does anyone have a clue to get into the machine?

caseyv · June 4, 2023, 1:42am

i am trying jupiter moon names other planets but not finding anything.
Maybe its my tool, i am using gobuster what are you guys using?

lim8en1 · June 4, 2023, 2:37am

I’ve finally pwned that machine. Overall not a bad machine, annoying but satisfying
User part is enumeration heavy though after you find the way exploiting it is not that hard.
Root part is trivial (or was that an unintended way?)

Some hints:

User: enumerate the web server. After finding something hidden, enable burp proxy, and poke around a little. Check out the requests sent, after that getting the foothold is easy. Move stuff around.
Root: not sure what to write here. hmm… enumerate local fs, that’s the hint.

petrock6 · June 4, 2023, 2:38am

@lim8en1 Was the root flag a lot of work? I’m waist deep in something I found and downloaded right now.

lim8en1 · June 4, 2023, 2:40am

check out that file first. read my hint.

I also downloaded that, but that wasn’t necessary

caseyv · June 4, 2023, 3:00am

I finally got past where i was stuck, Gobuster wasnt working correctly and switched to ffuf to find what i needed.

pekka46 · June 4, 2023, 4:53am

is the foot hold in grafana url shortener

Topic		Replies	Views
Official Phoenix Discussion Machines	27	2921	June 7, 2022
Official Ophiuchi Discussion Machines	135	15895	July 3, 2021
Official Interface Discussion Machines	98	5959	May 13, 2023
Official Omni Discussion Machines	358	40620	January 12, 2021
Official Chemistry Discussion Machines	371	15150	February 7, 2025

Official Jupiter Discussion

Related topics