Official Mentor Discussion

Hey guys. Can someone give me a nudge for the auth bypass part? I tried a bunch of J** to**n attacks but nothing… Maybe I should skip this and try another vector?

Feels like the box isn’t stable or I’m missing something, the UDP spectrum service gives a lot of timeouts… Could somebody hint if this is a rabbit hole please? Even though it couldn’t be 🙂

So is the “something else” at the network level, or web application level?

Box just moved from release VPN to general lab VPN, is that your issue? That normally catches me out.

Oh, probably, thanks mate!

web application level

Yes thanks mate…found it… 👍👍👍

Stuck on /etc/hosts, any hints pls?

Wrote both the IP and domain name but can’t load the page.

Stuck on /etc/hosts,
any hints pls bro?

Wrote both (IP and domain name)

but can’t load the page.

Solved! Thorough reconnaissance is your friend here, don’t rush 🙂

It has hidden something more than a surprise but difficult to crack.

Hooray

Got through the etc/hosts/ thing.

What took me the most time was enumerating with different tools and still not getting the desired result (I think it was a version mismatch).

If you need help you can PM me.

1 Like

I have access to the page but I don’t understand, like bruteforce .jpg

Same here

Thought of s3 buckets for a while,

but maybe I’m wrong.

1 Like

Rooted machine.
I can only really repeat what everyone else is saying, I don’t think a large majority of you guys will pick up what’s required with your normal reconnaissance flags.
Google is absolutely your friend with this one, Google “how to exploit {}” or “how to enumerate {}” every step of the way.
Getting to user was 90% of the process, root was essentially free.

I hope this works as a hint for steps towards the foothold and not a spoiler:

There’s a protocol you’ve got to actively search through, it’ll help you discover locations to walk along.

3 Likes

OK I’m about to give up here…I can’t get anything out of this service other than the standard (and not very much) information. Do we need a different password or something to get more information?

Don’t give up mate, there is just one thing that you’ll really need. Try to bruteforce something there and that will give you the thing you need.

Thanks I’ve found it with the help of a hint from someone…what’s REALLY annoying is that this “thing” is in multiple wordlists that I’ve been trying for days with various tools and they gave no results…just tried an obscure tool that I’ve never heard of and it finds it 😡😡😡

Thank you for your post. This has been extremely frustrating for me as well and I was about to give up, but I decided to search for other tools after seeing this. Found it almost immediately. The traditional tool was failing to find what I was looking for even though the wordlists I was using contained the correct value 😫

1 Like