Just got user. Respect to @zaBogdan for the help. Initial enum is really important.
For root, I do understand what should be exploited.
Seems like another user is needed to send meaningful messages.
Should I found an RE on the wb s****r?
Thanks for any nudge!
Just got user. Respect to @zaBogdan for the help. Initial enum is really important.
For root, I do understand what should be exploited.
Seems like another user is needed to send meaningful messages.
Should I found an RE on the wb s****r?
Thanks for any nudge!
In my opinion this box could be considered insane. Thank you @qtc your skills are really impressive.
User hint: Enumeration and understanding the logic behind the applications. Anyway, my real hint is to study everything you'll find (if you haven't seen it already) to get to the solution.
Root hint: Enumeration. In my opinion it's an insane machine, and you have to try hard. Look at what's going on in the processes, understand how the applications communicate, and find a way to execute commands from one side to the other. Use google even this time.
I believe I know what technologies are at play and I know what the name of the box is referring to. I even tried a promising exploit on the co***ct page regarding the name of the box but it didn't work.
Should not i be able to login somewhere as my customer account using connected auth account? If you willing to clarify how things work in this machine, i can pm my steps.
rooted.
This box is incredibly amazing but is definitely not a hard box, is fucking insane and complex.
Very good and hard work behind, @qtc (and try if possible to re-rate this box to 50 points please xD)
Rooted ... But man what a frustrating box. Honestly whoever ranked this box "Hard" was not thinking straight. Just to get user requires you to learn every unrealistic attack on OA*** there is. And there is a guessing part, which shouldn't be a thing.
There are many stability issues on the website that I ran into a lot. I wish there were more "helpful hints" along the way. It made the learning experience not enjoyable.
If you like my advice, please give me some respect! Thanks!
Message me on discord: godylocks#5721
OFF: "Type your comment" - forum engine seems to be a little bit strange, never touched the "Post comment" button, but sometimes just browsing the forum posts the default "Type your comment" message here. idk, why...
Rooted. Special thanks goes to @seekorswim and @lorenzooo, for nudging me to the right path. I can't belief I got stuck on something so obvious in retrospect. Great box, user part very clean, root part very dirty, haha.
I thought it was very difficult, but it gave me a good lesson in staying zen and perseverance.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Hi all; am now on the "admin" page and have quite some new information; I think I know in general what I would like/need to do next but I cant put the pieces in place yet. some nudge in the right direction would be highly appreciated. pm for hints. thanx
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
user: try to understand every single request about web apps. Enum without extensions (I hope you know why). Try to understand how the apps are generating the access. Practice with more than one user. When you get it, send the url with the form that could has communication with admin. Remember close session and get in again. Start again to find more paths over apps. At this point try to get some research about o***h on d****o and verify what request you can do. This part take me too much time. Put attention on response headers and get too much fuzzing over apps
Root: this was pretty hard. The vector escalation was based just verifying process.
Can anyone drop me a hint on foothold? Only thing interesting I've seen so far is "Hacking Attempt Detected" on /c****** page lol. Got info about tech stack from low port...
Edit: Wasn't using enough wordlists for initial enum, found interesting endpoint o****. Still could use a nudge though
Rooted! I really liked the box. It's incredibly well thought out, but it's also a pain in the ass.
I think that an insane rating would be better, as other say.
Massive thanks to @qtc for this great box.
Also for @Chr0x6eOs for his great help!
If someone need a nudge, please clearly describe the phase you are in.
You can pm me.
Comments
hi, do I need brutforcer flask?
Just got user. Respect to @zaBogdan for the help. Initial enum is really important.
For root, I do understand what should be exploited.
Seems like another user is needed to send meaningful messages.
Should I found an RE on the wb s****r?
Thanks for any nudge!
Type your comment> @cotonne said:
Oh! I missed something obvious.... ><
Rooted.
In my opinion this box could be considered insane. Thank you @qtc your skills are really impressive.
User hint: Enumeration and understanding the logic behind the applications. Anyway, my real hint is to study everything you'll find (if you haven't seen it already) to get to the solution.
Root hint: Enumeration. In my opinion it's an insane machine, and you have to try hard. Look at what's going on in the processes, understand how the applications communicate, and find a way to execute commands from one side to the other. Use google even this time.
Anyone want to help me move forward on this? I have the the thing, but all it seems to do is disconnect my other guy? any tips??
Type your comment> @Chr0x6eOs said:
I only got response once. After that nothing. So my plan to connecting to another account still stuck.
This behavior is worse than bank robber machine.
Any hint for this?
Type your comment> @bertalting said:
which one?
Thanks to the author.
For root: the hint is in front of you as long as you can become user
See you!
Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.
Just got user
I really love the real-world relevance to this part - onwards to root!
Anybody willing to give me a nudge on foothold?
I believe I know what technologies are at play and I know what the name of the box is referring to. I even tried a promising exploit on the co***ct page regarding the name of the box but it didn't work.
Would appreciate a nudge!
Should not i be able to login somewhere as my customer account using connected auth account? If you willing to clarify how things work in this machine, i can pm my steps.
Thanks, @qtc
Road to root was enjoyably frustrating and learned alot! My favourite box so far 
rooted.
This box is incredibly amazing but is definitely not a hard box, is fucking insane and complex.
Very good and hard work behind, @qtc (and try if possible to re-rate this box to 50 points please xD)
Rooted ... But man what a frustrating box. Honestly whoever ranked this box "Hard" was not thinking straight. Just to get user requires you to learn every unrealistic attack on OA*** there is. And there is a guessing part, which shouldn't be a thing.
There are many stability issues on the website that I ran into a lot. I wish there were more "helpful hints" along the way. It made the learning experience not enjoyable.
If you like my advice, please give me some respect! Thanks!
Message me on discord: godylocks#5721
OFF: "Type your comment" - forum engine seems to be a little bit strange, never touched the "Post comment" button, but sometimes just browsing the forum posts the default "Type your comment" message here. idk, why...
Rooted. Special thanks goes to @seekorswim and @lorenzooo, for nudging me to the right path. I can't belief I got stuck on something so obvious in retrospect. Great box, user part very clean, root part very dirty, haha.
I thought it was very difficult, but it gave me a good lesson in staying zen and perseverance.
I am buried in the privesc on this box. (I think I agree with @Lorenzooo - it feels like an insane box).
I am trying to get a python2 exploit to run in a python3 environment but failing drastically.
Has anyone else managed this or have I gone barking up the wrong tree?
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Rooted
It was a great journey.
this box is not hard It is absolutely INSANE. Thanks to @qtc for great box
pm for hints.
Hi all; am now on the "admin" page and have quite some new information; I think I know in general what I would like/need to do next but I cant put the pieces in place yet. some nudge in the right direction would be highly appreciated. pm for hints. thanx
So I cleared my previous hurdle thanks to @hatsat32 - the primary lesson is to not rely on tools to convert. Yes I am an idiot.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Rooted! Root is not so hard but user is interesting and nice. Thanks for supporting @onurshin and @seekorswim.
Rooted. Thank you @qtc for an awesome ride of ups and downs
Really enjoyed that box and learned a ton from it 
GREM | OSCE | GASF | eJPT
Feel free to PM me your questions, but please explain what you tried, so far.
whoami
root
id
uid=0(root) gid=0(root) groups=0(root)
Great Box ! Enjoyed it & definitely learned a lot from it !
Finally rooted; great box! Enjoyed user part most and learned a lot new stuff with user and root; thanks @qtc
WTF!!!!!!!!
Rooted, this machine was very fucking painfull
my hints:
user: try to understand every single request about web apps. Enum without extensions (I hope you know why). Try to understand how the apps are generating the access. Practice with more than one user. When you get it, send the url with the form that could has communication with admin. Remember close session and get in again. Start again to find more paths over apps. At this point try to get some research about o***h on d****o and verify what request you can do. This part take me too much time. Put attention on response headers and get too much fuzzing over apps
Root: this was pretty hard. The vector escalation was based just verifying process.
I hope that I didn't spoil nothing
My total admiration for QTC. THX
Can anyone drop me a hint on foothold? Only thing interesting I've seen so far is "Hacking Attempt Detected" on /c****** page lol. Got info about tech stack from low port...
Edit: Wasn't using enough wordlists for initial enum, found interesting endpoint o****. Still could use a nudge though
anyone to help with o**** endpoint ?
Rooted! I really liked the box. It's incredibly well thought out, but it's also a pain in the ass.
I think that an insane rating would be better, as other say.
Massive thanks to @qtc for this great box.
Also for @Chr0x6eOs for his great help!
If someone need a nudge, please clearly describe the phase you are in.
You can pm me.
Did I help you? Please return the favour and +1 respect me
https://www.hackthebox.eu/home/users/profile/177580
Big thanks to all, who share their knowledge with other people!
[email protected]:~#
To contact me, please use Discord
Myrtle#5162