Hey all, I have a reverse shell as w**-d***. I see the p*******_b***** file. I ran "file" on it, looked up the magic bytes. File says it is a***i, and the magic bytes says b*2. I'm stuck at figuring this file out. Can someone PM me with a hint or point me in the right direction? Thanks!
Hello. Please help on on curl options. I've got user fl___s creds, ssh'd to the machine, enumerated the a****-*a and found how the two files are being constantly edited, but I'm not sure how to get cl to work the way I want it to. Please DM me. Thanks
already got the user.txt but still don't know how to priv esc. a bit lost with the a---n-a--a, the two files there and the whole curling. PM with hints on priv esc are appreciated.
I get the root
So to help others solve this challenge i will give you some hints:
- there is a process you can list it using a famou script in this machine. From this output you will see a command with the name of this challenge.
- edit the file that you see used with this command with something you want to know.
- finally, don't execute any command, just whatch the size of the output to open it after.
If anyone wants some help go on PM me but I'm not giving 100% that I will help you since there are many ways to get this machine done just went the "just go by the flow" and it aimed me into beating this one
The first is website look into the "StarWars - May SOURCE be with ya" usr is on the main page just look for "Minecraft SIG Nature"
Second is to msfexploit the website look into administration and what can you do with it "again SOURCE MAY BE WITH YA" but just don't do it on main page (no idea how? PM me)
got meterpreter? good for ya getting USER is same as every machine here
ROOT: well look for interesting files in pwd try to change them a little and come back later just go for coffee look at them again are they same? no ? good for ya found it now who changes them? exploit it! got root.txt flag ? GOOD JOB
Was fun for the third machine now onto a little bit harder G00D L: :CK!
read article on c***, tried c*** commands on the a-a dir for more info.. the html code retrieved is of shell scripts, people are repeatedly uploding s*****s on i****.**p. checked process wit h***, ps commands..got only --c****-a*** with c****** writen on it's right. pls help,, don't know what to do next
hmmm, try to find a relation between different folders in the directory.. and , edit something so you can get what you want instead of what it showed you.
I was able to read the root flag but I can't seem to get a root shell. I got passwd and shadow but I have a feeling decrypting root password for root shell is not the correct way to go. Can someone give me a hint on getting root shell?
Think I might be retarded. This is my second machine. I can not gain access to find user.txt
I have enumerated directories and looked at source. I spotted a s*****.*** in the bottom of html source. Found potential credentials, which don't work for SSH or for Admin Authentication.
Any pointers on recon? I've been looking at this for hours and am wondering am I simply dumb
Hints would be appreciated ! I will continue to read through these posts and look at the source in the meantime.
EDIT: WOW I feel dumb.. note to self, stop overcomplicating things..
EDIT2: did anyone else find that user.txt was empty? I managed up**** a s**** to the server and am browsing the file system, but the flag is empty for me.
I feel like slapping myself right now. Been trying to upload with quite a few different ways, when all that was needed was right there already. On to user now !
Just cannot believe how I made this difficult for myself, definitely DO NOT overthink it.
USER: was pretty straight forward, you do not need a reverse shell to get what you need.Once you get that file work your MAGIC to solve it.
Root: Like others, I spent hours on this when it could have taken me 2 mins to solve it. Look for files close by, see what is happening.See the relationship between files.
Again, do not overthink it and do yourself a favour: read the manual for that famous command!
Working on root now, but I felt i should say this for the people who have to do a full 8+ hours at work and their brain is a little exhausted when they get home and jump on HTB.
INTFH: Pay attention to everything, think like a circa 2007 middle school student taking his first CS class and having to build a webpage. What mistakes do people generally make as beginners when they have a hard time remembering things.
User: The language that's used in this service is notorious for having RCE exploits so just dig around a little bit. If you can't figure out how to get the exploit working there's a youtube video what with a well crafted google search would make it the first video you see. You don't need to pop a shell if you don't want to, File Inclusion worked just fine for me.
****EDIT******: it's worth mentioning that you don't NEED ANY OUTSIDE TOOLS up to ^^^ this point. Everything can be done without downloading anything new, that goes for that FILE as well. Like someone earlier said, OTW is your friend.
Root: Well that was fast, for the record please delete the flags once you get them lol, if you can't then reset the box XD The method is right in front of you, IF you think you have an idea of whats going on, make a non malicious change and see if it works.
I'm banging my head against the wall here.
I've logged into the admin panel but all my attempts to upload a reverse shell failed as zoomla always sanitises everything even if I change the plugin options etc, wondering if anyone could push me in the right direction
Comments
Hey all, I have a reverse shell as w**-d***. I see the p*******_b***** file. I ran "file" on it, looked up the magic bytes. File says it is a***i, and the magic bytes says b*2. I'm stuck at figuring this file out. Can someone PM me with a hint or point me in the right direction? Thanks!
Got it! Thanks! On to root...
Hello. Please help on on curl options. I've got user fl___s creds, ssh'd to the machine, enumerated the a****-*a and found how the two files are being constantly edited, but I'm not sure how to get cl to work the way I want it to. Please DM me. Thanks
Yezus,,,, stop overwriting the index.php with upload ... rly just create some another page.....
root
already got the user.txt but still don't know how to priv esc. a bit lost with the a---n-a--a, the two files there and the whole curling. PM with hints on priv esc are appreciated.
i am noob trying hard since 24 hour lol get user but now stuck in root but i will get it thanks for hints guys this machine explode my brain
Just want to thanks htb and maker of this machine i learn lot from this machine
Got root
So to help others solve this challenge i will give you some hints:
- there is a process you can list it using a famou script in this machine. From this output you will see a command with the name of this challenge.
- edit the file that you see used with this command with something you want to know.
- finally, don't execute any command, just whatch the size of the output to open it after.
PM me if you need more details.
Well, that was some run ^^ r00t3d ^^
If anyone wants some help go on PM me but I'm not giving 100% that I will help you since there are many ways to get this machine done
just went the "just go by the flow" and it aimed me into beating this one 
The first is website look into the "StarWars - May SOURCE be with ya" usr is on the main page just look for "Minecraft SIG Nature"
and what can you do with it "again SOURCE MAY BE WITH YA" but just don't do it on main page
(no idea how? PM me)

Second is to msfexploit the website look into administration
got meterpreter? good for ya getting USER is same as every machine here
ROOT: well look for interesting files in pwd try to change them a little and come back later just go for coffee look at them again are they same? no ? good for ya found it now who changes them? exploit it! got root.txt flag ? GOOD JOB
Was fun for the third machine now onto a little bit harder
G00D L: :CK!
read article on c***, tried c*** commands on the a-a dir for more info.. the html code retrieved is of shell scripts, people are repeatedly uploding s*****s on i****.**p. checked process wit h***, ps commands..got only --c****-a*** with c****** writen on it's right. pls help,, don't know what to do next
.
Fun times are bound to end. - Korosensei
any suggestions ?
hmmm, try to find a relation between different folders in the directory.. and , edit something so you can get what you want instead of what it showed you.
Fun times are bound to end. - Korosensei
I was able to read the root flag but I can't seem to get a root shell. I got passwd and shadow but I have a feeling decrypting root password for root shell is not the correct way to go. Can someone give me a hint on getting root shell?
Edit: nvm I got it
just got a reverse shell with "www-data" priviliges..don't know what to do next..any help would be appreciated !!
Finally I got User, PM for hints.
And can Someone Hint me about Root ? I'm on the A****-***A but i dont see what to do !
@yunaranyancat Got root flag.. What about root shell ?
Think I might be retarded. This is my second machine. I can not gain access to find user.txt
I have enumerated directories and looked at source. I spotted a s*****.*** in the bottom of html source. Found potential credentials, which don't work for SSH or for Admin Authentication.
Any pointers on recon? I've been looking at this for hours and am wondering am I simply dumb
Hints would be appreciated ! I will continue to read through these posts and look at the source in the meantime.
EDIT: WOW I feel dumb.. note to self, stop overcomplicating things..
EDIT2: did anyone else find that user.txt was empty? I managed up**** a s**** to the server and am browsing the file system, but the flag is empty for me.
got a couple of pointers here but all in all was a fun box. As other's have said getting root access is right in front of you if you have user.
Just rooted this machine, twas fun; anyone need any hints let me know
I feel like slapping myself right now. Been trying to upload with quite a few different ways, when all that was needed was right there already. On to user now !
edit: got user !
Just cannot believe how I made this difficult for myself, definitely DO NOT overthink it.
USER: was pretty straight forward, you do not need a reverse shell to get what you need.Once you get that file work your MAGIC to solve it.
Root: Like others, I spent hours on this when it could have taken me 2 mins to solve it. Look for files close by, see what is happening.See the relationship between files.
Again, do not overthink it and do yourself a favour: read the manual for that famous command!
Really enjoyed this box.
If you need some help feel free to DM me.
Working on root now, but I felt i should say this for the people who have to do a full 8+ hours at work and their brain is a little exhausted when they get home and jump on HTB.
INTFH: Pay attention to everything, think like a circa 2007 middle school student taking his first CS class and having to build a webpage. What mistakes do people generally make as beginners when they have a hard time remembering things.
User: The language that's used in this service is notorious for having RCE exploits so just dig around a little bit. If you can't figure out how to get the exploit working there's a youtube video what with a well crafted google search would make it the first video you see. You don't need to pop a shell if you don't want to, File Inclusion worked just fine for me.
as well. Like someone earlier said, OTW is your friend.
****EDIT******: it's worth mentioning that you don't NEED ANY OUTSIDE TOOLS up to ^^^ this point. Everything can be done without downloading anything new, that goes for that FILE
Root: Well that was fast, for the record please delete the flags once you get them lol, if you can't then reset the box XD The method is right in front of you, IF you think you have an idea of whats going on, make a non malicious change and see if it works.
rooted anyone need hints pm me.
For help ping me on Discord: breaker#6475
finally rooted. pm for hints !
Rooted!!! I struggled after user.txt. Felt pretty silly once I figured it out. PM me if you need any hints
I'm banging my head against the wall here.
I've logged into the admin panel but all my attempts to upload a reverse shell failed as zoomla always sanitises everything even if I change the plugin options etc, wondering if anyone could push me in the right direction
I have got the s*****.t** is ssh into Fl**** possible ?
Try and you'll find out. If using the file you found to ssh doesn't work, try to use it in another way