Official MetaTwo Discussion

Official discussion thread for MetaTwo. Please do not post any spoilers or big hints.


Good luck everyone I wish I could join today by hacking this machine :slight_smile:


Rooted! Very nice machine!

1 Like

:musical_note: Another Root here, entertaining with new things.

Any questions DM !! :grinning:

how to login with pgp key

Usered! Because I don’t root!

I have the password for the passpie account and I am still getting permission denied on extracting r***.passpie if someone could dm me that would be super helpful

I made it :smile: I do not think this was an “easy priv esc”

An excellent easy rating machine. :smiley:
For anyone stuck feel free to PM.

Any hint how to start or where should we exactly look. I am beginner so it would be very helpful if I get a hint. Currently I am beating around the bush. I found a login page made of wordpress. And trying to brute force it.

same here aswell. Have you had any luck yet?

Great machine. I learned a lot. PM me if you need help

Bruteforce is the wrong way. Check the plugins using WPScan/Burpsuite.

1 Like

I did that but didn’t ring any bell

check burp response for plugin details

You found a login page?? I haven’t found anything, I found an ftp port, which I can’t connect to, an ssh, which I don’t think I can connect to, and an http port, which I tried visiting and it doesnt go to anything.

add the ip to and the site metapress.htb to your host list etc/hosts

Okay, I will try that, thanks

1 Like

Hello Guys,
Somehow I can’t get any further. I already found out which FTP server the machine uses (ProFTPD) and tried to hack it without success, after that I tried something with the openssh server, which of course didn’t work either. Then I ran nmap scan again and I think I found a directory to http port “http://metapress.htb/wp-admin/”. I already added metapress.htb with the IP in the /etc/hosts file and I tried to use the tools wpscan, gobuster and dirb, all except dirb give me an error code (“timeout or The url supplied ‘http://metapress.htb/’ seems to be down”) and dirb finds nothing.

Can someone please help me?.

Hello, I found the plugin’s vuln and I did the SQLi tests via curl, now I’m running sqlmap , it already brought me the database but I can’t access the column, it’s giving me an error in sqlmap , could you give me a hint where proceed?[quote=“jad2121, post:12, topic:266820, full:true”]
Great machine. I learned a lot. PM me if you need