Magic

Less than 2 hours to go so starting the thread

«13456718

Comments

  • Ah, got www-data. Enum enum enum ...

    myrtle

    To contact me, please use Discord Myrtle#5162

  • Let's do this, 10 seconds!

  • Found a login portal. Got only 1 hit when checking passwords. Is it sl****?
    First time posting, so don't know if it's a spoiler or not.

  • Bypassed authentication, got the portal admin password, no idea what to do next

  • Type your comment> @myrtle said:

    Ah, got www-data. Enum enum enum ...

    lol thanks

  • 03 hours, 18 mins, 31 seconds. 1st blood... box ain't even live that long ??

  • Type your comment> @Wolfman000 said:
    > 03 hours, 18 mins, 31 seconds. 1st blood... box ain't even live that long ??

    This feature is little buggy :d shows first blood + 3 hours
  • bruh it's so laggy

  • Is the password found by bruteforcing is the way to go? doesn't seem to work :(

  • slow slow slow i think everyone is trying to brute force it

    Arrexel
    OSCP,GWAPT,Security+,VCP,A+,Server+,Linux+,Nework+

  • edited April 18

    Type your comment> @dc9th said:

    bruh it's so laggy

    Yeah that's why i will try to root it when everyone calms down and leave this box alone :)

  • I am able to upload, but I can't figure out the name of what I uploaded after it gets uploaded

  • Type your comment> @sakas4 said:

    Type your comment> @dc9th said:

    bruh it's so laggy

    Yeah that's why i will try to root it when everyone calms down and leave this box alone :)

  • Type your comment> @init5 said:

    I am able to upload, but I can't figure out the name of what I uploaded after it gets uploaded

    Same here! Can't open/find the original filename after upload...

  • just got www-data, can't find a way to privesc

  • Meh, everything I try just results in a "What are you trying to do there?". Wondering, if I'm on the right track, or if I should look elsewhere :D


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • edited April 18

    im www-data, found t****** password but aint working...rabbit hole?

    Edit: yep, you need to find the real pass
    now for root
    Edit 2 : got root! cool box

  • @Try said:
    Is the password found by bruteforcing is the way to go? doesn't seem to work :(

    I thought that machines on HTB don't require brute forcing for website login creds?

  • just got user privs

  • Finally a normal box...

    Hack The Box

  • @th3y said:
    Finally a normal box...

    What do you mean ? :)

  • Can't access the file after uploading under i*****/u****** section, can anybody PM me the nudge??

  • Any hints for root?

    badge
    profile: https://www.hackthebox.eu/home/users/profile/114435
    discord: Celesian#0558

  • To whomever uploaded that burp request to docker.registry.htb, thx for the laughs :)

    S1ph1lys

    We are the things that were and shall be again

  • @UrielY how did you upload the file? Everything I try results in "What are you doing there?"

  • Type your comment> @AidynSkullz said:

    @UrielY how did you upload the file? Everything I try results in "What are you doing there?"

    PM me

  • Spoiler Removed

  • how you bypass login

  • Just rooted the machine.
    All in all an okay machine! :)

Sign In to comment.