you can get credentials from another vul.
1 Like
got the panel but default creds are not working, any nudge?
PM me i will give you a hint
Was the root flag weirdly easy to find for anyone else or did I get lucky somewhere? I found it before getting a footholdā¦
Can you dm how? Its not supposed to happen I think
It was a python http server found via nmap thatās no longer there - could that be someone else on the box? Is that even a thing? Still a bit of a newbie so genuinely interested in finding out if anyone knows lol
i think it got patched out.
time based is so slow dm me tips so i can go faster XD. guess some params is all i got lol.
1 Like
I got foothold for now, but im not sure how to progress from here. Can someone give me a hint?
I have the the feeling im just oblivious
strangeā¦ I got both flags at the same time. guess I missed some middle partā¦
okay, thats confusing me even more 
Nice machine!
1 Like
Is the response Permission denied (publickey). when I try to SSH normal, or is there an issue with my machine? Because I found the credentials but I am stuck
same here. The box doesnt allow public key auth
Need a nudge .
Anyone there ?
Password SSH is turned off. Thats why you are seeing that message.
What is another way to use SSH? Theres something you need to exfil to use.
Need a nudge . about foothold?
Fuzz out a page that looks abusable with a certain technique that dora the explorer uses to find her treasure.
After that you will find an abusable C** that will get you the foothold.
1 Like
I want to try to brute force any users and then passwords for the loginpage, however both of the POST requests are redirects for a GET request and as such the response does not contain the text needed to identify a failed attempt.
Any tips on how to brute force when response is a redirect?
ffuf can follow redirects and search the results using -r
2 Likes