After finding FingrTip, Agent Dylan gives us the AccessBio XKeyScore entity. He then says something about finding a connection between it and... something else. F.A.Y. filtering only gives me the AccessBio entity, and I have no idea what the game expects me to do.
I'm also at the same point. I have the XKEYSCORE entity but I'm not too sure what to do with it. I've tried looking for anything remotely similar to fingrtip online but found nothing.
I found the answer, there's a new file in the localhost folder, viewing it gives you another XKeyScore entity. I dont remember Dylan saying anything about localhost, which would explain our confusion.
i am at the point "find bastek client list" /spoiler i am in the system.nexxit.com server. with wmi scanner i find 4 options, the ERP server is vulnerable with Verboten but i cant find a connection.. No MITM, No wifi, no active directory, im stuck ..
I can't find a way into the level 4 target's network I've tried osint, sfuzzer, Social engineering but nothing is giving me a foot in the door. Any help?
Alphabravo. You're trying t access bast___? I think you need to fingerprint them a bit more thoroughly. Spoiler One of the agents will notice the tech being used and recommend another approach
In my notes I have that after you fingerprint the various urls, you see they're all secure Spoiler But then agent Dylan points out that he may have a way to break into systems running FingrTip If you're not finding any urls with osintscan, maybe sfuzzer? (honeslty don't remember)
Hey guys, I know this thread is some time old but I am stuck on this chapter at the same stage mentioned above. The problem I am having is trying to access Bastek's employee directory Spoiler via sara's phone . Can someone point me in the right direction????
Go into the phone's settings and activate the personal hotspot. Pretend that's a turbine card. Hope that helps.
Thanks for the reply Dgray. Sorry, its the step after that I am trying to complete. Spoiler The hotspot is activated so I can access that as a turbine card. Its finding a way into the employee's directory I am stuck on. I have found an additional Spoiler sub-doamin via sfuzzer (mecache.bastek) but this is up-to-date. I have Spoiler completed a wmi scan on the internal network when connected to the phone and dug the pathways. When trying to exploit the them, no luck with that. Can connect to one pathway via file browser Spoiler along with mecache.bastek but have no usernames to carry out password crack. Also tried social eng and MITM but nothing found. Any other pointers would be great. Thanks, Jay.
