Official Mentor Discussion

spent hrs in dirb and snmp and found nothing ::
any hint?

Do I need to consider the /s*****-s***** page? I didn't see anyone mention this before. I've tried a lot of 403 byp*** but nothing works.

Nope, leave this page alone. Try to see how you could discover other hosts and to go forward try to see if you get a common service of UDP that could reveal you a great "secret".

Do you mean the 161 port? I found it and performed some enum but I thought it was not necessary :joy: . I will reconsider it. Thank you mate

If you need any hints you could PM me :slight_smile: the box is pretty annoying…

DM me if anyone needs help

1 Like

There are so few hints in this thread…

Foothold:

  • Properly enum all ports

    I would tell you a joke about UDP, but you probably wouldn't get it

  • Note that version 2c != 1 (important when using some tools)
  • If you see one site, always search for another
  • When you got elevated privileges with enum data, the rest is a matter of technique

User 1:

  • Information about some users of the box is in the database, use this

User 2:

  • Quite popular for the real world, found the password - shove everywhere

Root:

  • No comments :smile:

Didn't mean to spoil it, if so please let me know.

4 Likes

Hello,

I think the box is having some problems with JWT auth, but don't want to spoil anything, how can it be confirmed?

Regards

Hey mate, PM me with your concerns :slight_smile:

At last I finally rooted… quite possibly one of the most frustrating boxes I've ever experienced.

But I learned a LOT from this box.

I can't add any better hints than Lnevx above (:+1::+1::+1: helped me a lot), other than to say by far the hardest part is the initial foothold, and for User 2 you need to look absolutely everywhere, and try everything you find that may look like a password.

Thanks also to devi4nt for the help with the DMs… helped a lot.

Sirius3000

hey script kiddies, try to use your brain not a random fuzzing wordlist; especially when you find an injection. The box is unstable because of the payloads thrown by people.

Thanks for the box tho

Exactly what I tried cracking, but that bucket belongs to CodePen.io

I am stuck on the foothold. I have found the extra API endpoints, and I have enumerated SNMP for some extra information. However, I haven't been able to get admin access to the API.

I tried using information from SNMP to log in to the API, tried editing the JWT tokens, and tried using various combinations of username and email address to bypass the API login. However, I have had no luck with any of those approaches. What am I missing?

Enumerate the service. more

I managed to get a shell. After accidentally exiting the shell I attempted to create another. The server continuously hung. I reset and got another single shell and then repeated the process of getting locked out. Is this normal behavior for this box?

Hi everyone, I've just started this box and I want to know if anyone has ever had the same problem as me. I've added the domain into the /etc/hosts file, but the site is unreachable. Any hint?

Thanks.

I think yes, when I was doing this box I had the same issue.

Check if any typo or try to reset the box

Thanks for confirmation. Someone happened to reset the box then outside of myself and then it seemed to work wonderfully. Cheers

If you have trouble finding the hidden site, try resetting the box, it works for me:)