Official Mentor Discussion

spent hrs in dirb and snmp and found nothing ::
any hint?

Do I need to consider the /s*****-s***** page? I didn’t see anyone mention this before. I’ve tried a lot of 403 byp*** but nothing works.

Nope, leave this page alone. Try to see how you could discover other hosts and to go forward try to see if you get a common service of UDP that could reveal you a great “secret”.

Do you mean the 161 port? I found it and performed some enum but I thought it was not necessary :joy: . I will reconsider it. Thank you mate

If you need any hints you could PM me :slight_smile: the box is pretty annoying…

DM me if anyone need help

1 Like

There are so few hints in this thread…


  • Properly enum all ports

    I would tell you a joke about UDP, but you probably wouldn’t get it

  • Note that version 2c != 1 (important when using some tools)
  • If you see one site, always search for another
  • When you got elevated privileges with enum data, the rest is a matter of technique

User 1:

  • Information about some users of the box is in the database, use this

User 2:

  • Quite popular for the real world, found the password - shove everywhere


  • No comments :smile:

Didn’t mean to spoil it, if so please let me know.



I think the box is having some problems with JWT auth, but don’t want to spoil anything, how can it be confirmed?


Hey mate, PM me with your concerns :slight_smile:

At last I finally rooted…quite possibly one of the most frustrating boxes I’ve ever experienced.

But I learned a LOT from this box.

I can’t add any better hints than Lnevx above (:+1::+1::+1: helped me a lot), other than to say by far the hardest part is the initial foothold, and for User 2 you need to look absolutely everywhere, and try everything you find that may look like a password.

Thanks also to devi4nt for the help with the DMs…helped a lot.


hey script kiddies, try to use your brain not a random fuzzing wordlist; especially when you find an injection. The box is unstable because of the payloads thrown by people.

Thanks for the box tho

Exactly what I tried cracking, but that bucket belongs to

I am stuck on the foothold. I have found the extra API endpoints, and I have enumerated SNMP for some extra information. However, I haven’t been able to get admin access to the API.

I tried using information from SNMP to log in to the API, tried editing the JWT tokens, and tried using various combinations of username and email address to bypass the API login. However, I have had no luck with any of those approaches. What am I missing?

Enumerate the service. more

I managed to get a shell. After accidentally exiting the shell I attempted to create another. The server continuously hung. I reset and got another single shell and then repeated the process of getting locked out. Is this normal behavior for this box?

Hi everyone, I’ve just started this box and I want to know if anyone has ever had the same problem as me. I’ve added the domain into the /etc/hosts file, but the site is unreachable. Any hint?


I think yes, when i was doing this box i had the same issue.

Check if any typo or try to reset the box

Thanks for confirmation. Someone happened to reset the box then outside of myself and then it seemed to work wonderfully. Cheers

If you have trouble finding the hidden site, try resetting the box, it works for me:)