Sizzle

can anyone help me?

«13456

Comments

  • Lol, help you to what? The box release was 2h ago xD
  • And it was flagged "insane" - seems like the expectation should be that this is a very, very hard box.

  • Those ports...

    delosucks

  • I'm inside ... I hope it's not a rabbit hole ... I have a special ability to find them ....

  • @n0m0c0navaja same than you many strange file on it... 2h im thinking: is a rabbit? but i dont found anything yet more so... idk xD
  • Okey now i found some cert... rabbit hole? too many rabbit on this box xD
  • too many hints!!!! :P

  • Not really a hint, we dont said where and how we be inside, and for the cert, wich one? Where? How? XD and there is many rabbit hole, maybe its a hint for jump into a hole? Idk didnt find anything really sure to give a hint ^^ anyway if its real HARD hint those comment will be removed

    Ps : sorry if i spoiled or give a hint its not what i wanna do xD

    Ps2: this box give me a cancer and i have rabbit ears in my head now! XD i dont think i will sleep now my brain didnt stop thinking T_T
  • I find it amazing- while others still scanning and try to get a picture, others already "in" - whatever that means. HTB is a great place to learn from each other - great community !

    Btw. i'm still scanning and no hint for anything useful ;)

  • edited January 18

    Lot to look into. Anyone found interesting path ?

    MrR3boot
    Learn | Hack | Have Fun

  • edited January 13

    Got some users but not password so I try the obvious brute-forcing... or anyone found some credentials ?

  • Congratulations for @stefano118 !!!! first blood 17 hours, 59 mins, 56 seconds.

  • Found some users... An interesting page... a lot of open ports...

    No credentials.

    ferreirasc

  • It's currently very slow to enumerate

  • Close to get a shell... x)
  • edited January 15

    Getting there...

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    Taking a break from HTB through Dec 2019 in order to focus on other projects.

  • edited January 15

    Found user + creds and other authentication things... looking for a good place to use them :)

    Edit: Got User! Now to find Privesc

  • Is it necessary to brute-force or can you find valid password(s) for a user ?

  • Bruteforce isnt the way
  • edited January 15

    @backspace said:
    Found user + creds and other authentication things... looking for a good place to use them :)

    Stuck in this exact spot. Credentials without any apparent use.

    Edit: Figured that part out, at least.

    opt1kz

  • should I be trying to get lucky here?

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    Taking a break from HTB through Dec 2019 in order to focus on other projects.

  • edited January 15

    Is this intentional? portscan doesnt work. Without any scan not doing anything susp., half of the HTTP requests times out. Is it because of the LAB or firewall stuff?
    Restarted everything. Without doing any suspicious, just trying to browse the webpage> 10/2 attempt connects.

  • edited January 16

    I had the same issue but adjusting my scan parameters helped.

    I believe I missed some key stuff with my usual scans set to defaults.

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    Taking a break from HTB through Dec 2019 in order to focus on other projects.

  • @LegendarySpork said:
    I had the same issue but adjusting my scan parameters helped.

    yeah. Have to be polite…

  • edited January 16

    Rooted. This is an amazing box, IMO.

    It's hard, but fair; no trolls or find-the-hidden-file CTF shenanigans. It feels very similar to Endgame as far as difficulty and Windows know-how goes.

    opt1kz

  • edited January 17

    The process to gain user was AWESOME!! ^__^

    I really had some fun.

    Moving to root now. \o/

    Edit:

    Rooted! ^^

    ferreirasc

  • This box is so buggy. i've been uploading the file and running responder for 40 mins now. In wireshark I can see the handshake start and then the box sends a RST packet. Do these boxes get tested

  • @meni0n said:
    This box is so buggy. i've been uploading the file and running responder for 40 mins now. In wireshark I can see the handshake start and then the box sends a RST packet. Do these boxes get tested

    I don't have a solution for this, sadly, but I've been hearing this from a lot of people. I'm seemingly one of the lucky ones who it worked for. :/

    opt1kz

  • For me it literally took one second.. was it just luck?!

  • It was on the first time for me also... lol.

    Maybe is the method. xD

    Idk

    ferreirasc

Sign In to comment.