PlayerTwo

I guess we might as well start a thread for this box. Good luck.

Good luck everyone.

Spotted an interesting service, but with no vulnerabilities/knowledge about the backend I’m not sure what’s meant to be done.

Is bruteforce needed on this box?

found an interesting t***p service, but still trying to figure out how to enumerate it, or if this is a rabbit hole?

Got all the creds but 2fa is walling me :confused:

Type your comment> @trollzorftw said:

Got all the creds but 2fa is walling me :confused:

It’s 1-2-3-4-5.

(edit: this is a reference to a movie gag, don’t mean to send anyone astray here)

Hum, getting a strange picture on a page, rabit hole ?

I’m a little lost how to enumerate t****

Got a set of creds, no idea how to deal with TOTP.

Is some form of brute forcing needed to identify the t---- paths on that port it is on? That does not feel like the right approach. Or have I failed to discover something in recon elsewhere?

Always happens. Once I finally “give in” to ask a question, I figure something out.

The subtle shoutouts amuse me.

If you have done the first general scans. Creds do not require brute force. I’m thinking of the next step.

Type your comment> @IhsanSencan said:

If you have done the first general scans. Creds do not require brute force. I’m thinking of the next step.

I went back in notes and noticed few overlooked clues in recon. Tried them and found way to get creds. Those do not work in the obvious page one would try them.

Hrm.

Type your comment> @trollzorftw said:

Got all the creds but 2fa is walling me :confused:

I’m in the same situation. I’ve gotten all the credentials, but once I find a set that works, OTP is killing me. I’ve been going back over my recon and looking for something I missed or places to try more recon, but so far I’ve got nothing. :frowning:

Type your comment> @jfx41 said:

Type your comment> @trollzorftw said:

Got all the creds but 2fa is walling me :confused:

I’m in the same situation. I’ve gotten all the credentials, but once I find a set that works, OTP is killing me. I’ve been going back over my recon and looking for something I missed or places to try more recon, but so far I’ve got nothing. :frowning:

all the creds. … D’Oh!

I’m not down with OTP.

Type your comment> @f00l8r1t3 said:

I’m not down with OTP.

Apparently neither am I. :frowning:

As always I do there’s no bruteforcing needed and there’s no social engineering involved. What you needed is already there. Keep playing the Game :slight_smile:

hosts

I can’t connect to 8***, is it a loophole or my internet connection?
Thanks.