Official MetaTwo Discussion

system · October 29, 2022, 3:00pm

Official discussion thread for MetaTwo. Please do not post any spoilers or big hints.

eMVee · October 29, 2022, 8:32pm

Good luck everyone I wish I could join today by hacking this machine

JacobE · October 29, 2022, 10:13pm

Rooted! Very nice machine!

Nevuer · October 29, 2022, 11:42pm

Another Root here, entertaining with new things.

Any questions DM !!

suraj · October 30, 2022, 4:15am

how to login with pgp key

Zerox9137 · October 30, 2022, 12:01pm

Usered! Because I don’t root!

myusername · October 30, 2022, 2:21pm

I have the password for the passpie account and I am still getting permission denied on extracting r***.passpie if someone could dm me that would be super helpful

myusername · October 30, 2022, 2:37pm

I made it I do not think this was an “easy priv esc”

nullb1te · October 30, 2022, 2:52pm

An excellent easy rating machine.
For anyone stuck feel free to PM.

L0gicB0mb · October 30, 2022, 3:25pm

Any hint how to start or where should we exactly look. I am beginner so it would be very helpful if I get a hint. Currently I am beating around the bush. I found a login page made of wordpress. And trying to brute force it.

tech77 · October 30, 2022, 5:45pm

same here aswell. Have you had any luck yet?

XSSDoctor · October 30, 2022, 7:21pm

Great machine. I learned a lot. PM me if you need help

Yukari · October 31, 2022, 12:33am

Bruteforce is the wrong way. Check the plugins using WPScan/Burpsuite.

L0gicB0mb · October 31, 2022, 3:08am

I did that but didn’t ring any bell

T3NO · October 31, 2022, 4:33am

check burp response for plugin details

N3onKn1ght · October 31, 2022, 6:23am

You found a login page?? I haven’t found anything, I found an ftp port, which I can’t connect to, an ssh, which I don’t think I can connect to, and an http port, which I tried visiting and it doesnt go to anything.

L0gicB0mb · October 31, 2022, 6:29am

add the ip to and the site metapress.htb to your host list etc/hosts

N3onKn1ght · October 31, 2022, 6:41am

Okay, I will try that, thanks

lulF · October 31, 2022, 9:20am

Hello Guys,
Somehow I can’t get any further. I already found out which FTP server the machine uses (ProFTPD) and tried to hack it without success, after that I tried something with the openssh server, which of course didn’t work either. Then I ran nmap scan again and I think I found a directory to http port “http://metapress.htb/wp-admin/”. I already added metapress.htb with the IP in the /etc/hosts file and I tried to use the tools wpscan, gobuster and dirb, all except dirb give me an error code (“timeout or The url supplied ‘http://metapress.htb/’ seems to be down”) and dirb finds nothing.

Can someone please help me?.

Dark0x3 · October 31, 2022, 1:48pm

Hello, I found the plugin’s vuln and I did the SQLi tests via curl, now I’m running sqlmap , it already brought me the database but I can’t access the column, it’s giving me an error in sqlmap , could you give me a hint where proceed?[quote=“jad2121, post:12, topic:266820, full:true”]
Great machine. I learned a lot. PM me if you need

Topic		Replies	Views
Official Escape Discussion Machines	113	9227	December 10, 2023
Official Resource Discussion Machines	156	4489	November 23, 2024
Official Meta Discussion Machines	90	7034	June 9, 2022
Official Spectra Discussion Machines	198	22537	June 25, 2021
Official Moderators Discussion Machines	12	2470	October 17, 2022

Official MetaTwo Discussion

Related topics