Official MetaTwo Discussion

system · October 29, 2022, 3:00pm

Official discussion thread for MetaTwo. Please do not post any spoilers or big hints.

eMVee · October 29, 2022, 8:32pm

Good luck everyone I wish I could join today by hacking this machine

JacobE · October 29, 2022, 10:13pm

Rooted! Very nice machine!

Nevuer · October 29, 2022, 11:42pm

Another Root here, entertaining with new things.

Any questions DM !!

suraj · October 30, 2022, 4:15am

how to login with pgp key

Zerox9137 · October 30, 2022, 12:01pm

Usered! Because I don’t root!

myusername · October 30, 2022, 2:21pm

I have the password for the passpie account and I am still getting permission denied on extracting r***.passpie if someone could dm me that would be super helpful

myusername · October 30, 2022, 2:37pm

I made it I do not think this was an “easy priv esc”

nullb1te · October 30, 2022, 2:52pm

An excellent easy rating machine.
For anyone stuck feel free to PM.

L0gicB0mb · October 30, 2022, 3:25pm

Any hint how to start or where should we exactly look. I am beginner so it would be very helpful if I get a hint. Currently I am beating around the bush. I found a login page made of wordpress. And trying to brute force it.

tech77 · October 30, 2022, 5:45pm

same here aswell. Have you had any luck yet?

XSSDoctor · October 30, 2022, 7:21pm

Great machine. I learned a lot. PM me if you need help

Yukari · October 31, 2022, 12:33am

Bruteforce is the wrong way. Check the plugins using WPScan/Burpsuite.

L0gicB0mb · October 31, 2022, 3:08am

I did that but didn’t ring any bell

T3NO · October 31, 2022, 4:33am

check burp response for plugin details

N3onKn1ght · October 31, 2022, 6:23am

You found a login page?? I haven’t found anything, I found an ftp port, which I can’t connect to, an ssh, which I don’t think I can connect to, and an http port, which I tried visiting and it doesnt go to anything.

L0gicB0mb · October 31, 2022, 6:29am

add the ip to and the site metapress.htb to your host list etc/hosts

N3onKn1ght · October 31, 2022, 6:41am

Okay, I will try that, thanks

lulF · October 31, 2022, 9:20am

Hello Guys,
Somehow I can’t get any further. I already found out which FTP server the machine uses (ProFTPD) and tried to hack it without success, after that I tried something with the openssh server, which of course didn’t work either. Then I ran nmap scan again and I think I found a directory to http port “http://metapress.htb/wp-admin/”. I already added metapress.htb with the IP in the /etc/hosts file and I tried to use the tools wpscan, gobuster and dirb, all except dirb give me an error code (“timeout or The url supplied ‘http://metapress.htb/’ seems to be down”) and dirb finds nothing.

Can someone please help me?.

Dark0x3 · October 31, 2022, 1:48pm

Hello, I found the plugin’s vuln and I did the SQLi tests via curl, now I’m running sqlmap , it already brought me the database but I can’t access the column, it’s giving me an error in sqlmap , could you give me a hint where proceed?[quote=“jad2121, post:12, topic:266820, full:true”]
Great machine. I learned a lot. PM me if you need