Got root. I had some gaps in knowledge so it took quite a while. The whole box is very CTF-like and not anything that would happen on a real-life setup.
My tips:
For user:
I found out that it is good to use multiple dirbusting apps, I used gobuster at the start and it did not find what I needed. Quite a bit of research is needed to get to the point where you can grab the user flag. This thread contains sufficient information to start with, google is your friend as always.
For root:
Read the links in the thread and it's a good idea to do the exercises in those links. For the actual exploit you need to find the thing that does not change and from there you can move up. I strongly advise setting up a local development box with the same OS.
I can see now why the box is only 20 points: if you know your overflows it will be relatively simple. If anything I mentioned is a spoiler please remove!
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.
I think the "Difficulty" column relates to the level of difficulty a little more :P But I get what you're saying
I agree with both of you.
I think a lot of people new to HTB will try to start with this box because "it's only 20 points, how hard can it be" and it is marked 5/10 (I thought it started out lower than that) with a lot of "easy" votes.
However, judging by the comments on this thread, questions I've been asked and the fact it took me nearly two days to get the first bit of code translation, I wouldn't recommend this to new people. It isn't a bad box, but there is a lot of it which is far from intuitive and not exactly what you'd expect from trying to own a box.
Yeah I agree, I would definitely send them to something like Jerry over this box to start out with
Yeah, not the best starter box. Think it should be worth more than 20 points just for the useless / ridiculous steps to user. First box I've seen where / is staying pretty steady at 50/50.
I decoded all the code and got this word idk********. What do I do with it? And how do I get cred for red?
I am in the same boat as you! The server is vulnerable to a certain user enumeration vulnerability. I have confirmed the existence of 2 usernames I uncovered during the enumeration of another service. This idk******** word does not seem to work against the web service or the shell service. HALP!
Keep enumerating further; there is something you might be missing... This box becomes unstable at times, and after running my scan again after a reset some new things have shown up.
This you can to get the reverse shell. Enumerate more.
I need someone to help me. I know how to do buffer overflows but this box does not have gdb... Then what? I even imported the binary to my PC, but then the address would vary between two different PCs...
Comments
> No f***ing way this box should be a 20 pointer!
What difference does it make? It's all for practice and learning anyway.
--Skunkfoot
Agree. Don't think about points. Just learn something new in HTB.
PM for tips, will try to help out
Check your PMs
Note: https://www.nohello.com/
Well, finally got user, now messing about with r**. Anyone know how to find function addresses without gdb?
Totally agree, but the points awarded normally relates to the level of difficulty of a box.
Those new to HTB could be discouraged if they chose this as their first box.
Finally got root. What a load of bullshit. Thanks @BoiteAKlou , @tobor , and @x00byte for the help.
Rooted finally, many thanks to @N30C0UNT, @x00byte, and @kecebong (and probably others that I forgot)
In a nutshell, f*ck this machine
Did anyone privesc by format string?
PM
All 1000 scanned ports on 10.10.10.111 are filtered
This just happened all of a sudden. Reset requested. Somebody's playing around?
Edit: Never mind. It was just my VPN that dropped.
That looks like a problem on the box unless it's a UDP scan.
I'd rescan and if you get it again, reset the box.
Finally, after three days of messing around, I got root, thanks to @N30C0UNT for the help.
Got root.... Awesome box. Thanks @TazWake
Looking for priv esc now....
Edit: Rooted.....
Got user PM me if you need help
How do I get the address of an env variable without gdb and without gcc and g++ running on the system?
Maybe you could find something in C that does it for you
But gcc isn't working on the system...
I keep getting this instead of a segmentation fault... Is the box down or something?? "Inappropriate ioctl for device"
For those struggling with the privesc, there are several ways... You are not required to exploit a binary file.