Official Jupiter Discussion

Official discussion thread for Jupiter. Please do not post any spoilers or big hints.


The machine is currently really unstable, but I guess that’s expected from a release arena machine

I am lost, there is absolutely nothing I can see on the site or from nmap that is of any use

I can probably nudge you to the next step, but I’m not much past where you are. Feel free to DM.

1 Like

Just append an ampersand to the end of your command so it runs in the background


Oh thank you bro!

I’m stucked in the login portal. can’t able to bypass. any hints?

any hint? i already enumerated the machine correctly (i think)

Finally rooted.
This was a really nice and balanced machine that actually tested your thinking skills.
At no point did I feel like I had to make a leap of faith, which is something I can’t quite say about some of the other machines I did lately.

I think it is a bit late to give out a machine synopsis so I’ll just say that for this machine, you should do two things: enumerate and read about the technology at hand.
If you’ll do those two things, you’ll finish the machine in no time! :blush:

I can tell I am stuck riiiiiiiiiiiiiight behind getting the user flag. Any nudges on the Jupiter side of things?

Can someone give me a nudge on the initial enumeration, i cannot find anything.

Nothing is coming up in the sub domain enum or directory brute force.

@caseyv You are thinking horizontally, you need to think vertically. Do much longer enumeration.


Does anyone have a clue to get into the machine?

i am trying jupiter moon names other planets but not finding anything.
Maybe its my tool, i am using gobuster what are you guys using?

I’ve finally pwned that machine. Overall not a bad machine, annoying but satisfying :slight_smile:
User part is enumeration heavy though after you find the way exploiting it is not that hard.
Root part is trivial (or was that an unintended way?)

Some hints:

  • User: enumerate the web server. After finding something hidden, enable burp proxy, and poke around a little. Check out the requests sent, after that getting the foothold is easy. Move stuff around.
  • Root: not sure what to write here. hmm… enumerate local fs, that’s the hint.
1 Like

@lim8en1 Was the root flag a lot of work? I’m waist deep in something I found and downloaded right now.

check out that file first. read my hint.

I also downloaded that, but that wasn’t necessary

1 Like

I finally got past where i was stuck, Gobuster wasnt working correctly and switched to ffuf to find what i needed.

is the foot hold in grafana url shortener