I just started poking at it, so I'm still enumerating and working on user. Is the serial number thing a dead end? Edit: It is not a dead end. Just had to enumerate more.
can confirm, is a headache. the environment is obvious and pretty cool, but personally I do not know anything when it comes to stuff like this. I think the same goes for a lot of people on HtB, hence the lack of root.
@opt1kz said:
I just started poking at it, so I'm still enumerating and working on user. Is the serial number thing a dead end? Edit: It is not a dead end. Just had to enumerate more.
Thank you for this. I have been scratching my head for too many minutes.
@stonepresto said:
can confirm, is a headache. the environment is obvious and pretty cool, but personally I do not know anything when it comes to stuff like this. I think the same goes for a lot of people on HtB, hence the lack of root.
Pretty much this. After getting user and poking around/enumerating a bit, I have no idea where to even start. So many things to investigate and so many things that are probably rabbit holes...
@opt1kz said:
I just started poking at it, so I'm still enumerating and working on user. Is the serial number thing a dead end? Edit: It is not a dead end. Just had to enumerate more.
@opt1kz said:
I just started poking at it, so I'm still enumerating and working on user. Is the serial number thing a dead end? Edit: It is not a dead end. Just had to enumerate more.
Privesc was a pain in the ass. Here's a hint: on the web page pay attention at what you read even if it looks funny or silly at the first sight, maybe because it could be something useful later on
Comments
I just started poking at it, so I'm still enumerating and working on user. Is the serial number thing a dead end? Edit: It is not a dead end. Just had to enumerate more.
Still no root - given how quickly people have been dropping user, the escalation must be a nightmare.
Happy to help people but PLEASE explain your problem in as much detail as possible!
Also: https://www.nohello.com/
can confirm, is a headache. the environment is obvious and pretty cool, but personally I do not know anything when it comes to stuff like this. I think the same goes for a lot of people on HtB, hence the lack of root.
Thank you for this. I have been scratching my head for too many minutes.
Pretty much this. After getting user and poking around/enumerating a bit, I have no idea where to even start. So many things to investigate and so many things that are probably rabbit holes...
Stuck at this point.
Edit: Got it
Learn | Hack | Have Fun
Remember that snowscan is a troll, many dead ends after user.txt
still at this point
EDIT: Got it
struggling to even get user. any help would be appreciated
thanks
did you find the doc? it seems we need to get default user/pwd from the chasiss but enumerating with common tools and wordlists didn't work out for me
I have found a few documents yes, still not able to find any chassis that it refers to. i'll pm you.
same boat
join the club lol
Documents is the key for getting user. Back to basics. Start from port scan again but not only tcp.
ye just found it thanks
For anyone stuck on the initial foothold - remember that TCP isn't the only way to transmit data
For anyone stuck on the Priv Esc - i'm in the same boat as you....
I have no idea where to go after getting access to the admin console
i got rce but no shell yet, i can just ping myself from the box haha
Got user. Time for some root.
getting user is not difficult.
still no clue about privesc!
Anyone else have/had trouble to get s******k working? Gives "Timeout: No response", command syntax should be correct.
Same. Frustrating. People are saying it is easy though. Think brain, think!
Weird. Because I am already root but i just can find user flag. PS.: I didnt privesc I am already root
I like these themed/realistic challenges. Yey
Probably because there are multiple challenges after that shell ?
I have RCE
Privesc was a pain in the ass. Here's a hint: on the web page pay attention at what you read even if it looks funny or silly at the first sight, maybe because it could be something useful later on
I seem to be stuck on this already.. I only have the following.
Spoiler Removed