I have a problem, I cant transfer files to box(this one and oouch), wget curl nc scp just stops at 33% or so. I've reloaded my router regenerate connection pack, plz send help:D
Nice job on the box! bout time we got a privesc like that, the first bit was a needle in a haystack!
More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985
Hm, I got user and root flags in one go. Is that the intended way?
I don't think so but I can certainly see how it would be possible and if you haven't done the early enumeration properly, it is by far the easiest path.
Note: I am not going to be available much in September.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
The most tricky part for me was de passwd to encadenated exploiting.
To people in this place a hint could be use another tool (it was not common for me) . to go to the place i change mi foots to the sky.
Got past the first login page and went down a steg rabbit hole on the image. I have found the reference the author was talking about but need a nudge on where to start looking. PM please, no spoilers
This machine is pissing off me, i found s****j but when i tried i got connection time out and what i found is (c...d=.) not working(not be inj). Also pinging it sometimes connection lost. Only thing what i need to do is wait and trust my luck?
Found stuff after much messing and hints on here.
Is the "gateway" meant to be running?
Not sure what it exactly is meant to be, but:
I anything tells you it was disabled, then someone broke the service, again, and you need to reset the machine (there should really be some kind of cronjob that periodically fixes the broken config file).
OSWE | GREM | OSCE | GASF | eJPT
Feel free to PM me your questions, but please explain what you tried, so far.
Found stuff after much messing and hints on here.
Is the "gateway" meant to be running?
Not sure what it exactly is meant to be, but:
I anything tells you it was disabled, then someone broke the service, again, and you need to reset the machine (there should really be some kind of cronjob that periodically fixes the broken config file).
Thanks, I try to avoid resets where possible, as I know how annoying they can be to everyone, but it it's broken.....I'll have to "turn it off and on again".
I try to avoid them, too. But it took me quite a long time to realize (or rather get pointed to the fact) that something that said it were disabled, should actually be enabled/available.
And when people follow a certain guide and use a certain readily available script, then things will break for everyone
OSWE | GREM | OSCE | GASF | eJPT
Feel free to PM me your questions, but please explain what you tried, so far.
Found stuff after much messing and hints on here.
Is the "gateway" meant to be running?
Not sure what it exactly is meant to be, but:
I anything tells you it was disabled, then someone broke the service, again, and you need to reset the machine (there should really be some kind of cronjob that periodically fixes the broken config file).
Definitely agree! This machine is pissing me off like anything else before! :-(
I truly have no fucking clue how you guys are getting from the author page, to this H** thing. It's obvious from the comments here what the eventual service must be, but I don't see any link to it whatsoever when googling. Also, how is anyone even dirbing this box? I can run through like 800 words before each reset. Really annoying.
edit: God damn it, that was so obvious. How did I not see that.
For anyone else in the same boat: don't keep fuzzing the box. You know how usually in windows boxes you need to change your hosts file to something very similar to the box name, if not the name itself? Well, that doesnt exactly apply here.
Comments
Rooted !! very funny box, shame about the constant resets, Thanks for nudges @sk4 @Centip3d3 @zard @davihack @jiggle @limelight
Hm, I got user and root flags in one go. Is that the intended way?
Fun box, I enjoyed it a lot. Thank you, @ASHacker
[email protected]:/# whoami && id
root
uid=0(root) gid=0(root) groups=0(root)
[email protected]:/#
Nice job on the box! bout time we got a privesc like that, the first bit was a needle in a haystack!
More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985
Rooted.
If anyone needs a little nudge, PM me. I'd love to help!
Nice & easy box
Thank you, @ASHacker
Type your comment> @traut said:
I don't think so
but you would have missed on a couple of interesting things if you skipped all the privesc.
eCPPT | OSCP
Rooted.
Interesting box. I could learn some new things.
@traut said:
I don't think so but I can certainly see how it would be possible and if you haven't done the early enumeration properly, it is by far the easiest path.
Note: I am not going to be available much in September.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Thanks to @ASHacker for this awesome machine, the hardest part is the initial foothold, everything else is absolutly easy.
My Hints:
Initial Foothold
User
Lateral-Movement
Root
Hope my hints are not spoiling the machine, if they are doing it remove the post
Rooted just now. This was a fun box, nothing super new but tests a bunch of essential skills.
PM me if you want a nudge but be prepared to tell me what you've tried first.
Finally rooted.
The most tricky part for me was de passwd to encadenated exploiting.
To people in this place a hint could be use another tool (it was not common for me) . to go to the place i change mi foots to the sky.
Way to root was easy.
Funny box, thank the author.
Got past the first login page and went down a steg rabbit hole on the image. I have found the reference the author was talking about but need a nudge on where to start looking. PM please, no spoilers
some nudge to h** ? lot of cve but cant work it
This machine is pissing off me, i found s****j but when i tried i got connection time out and what i found is (c...d=.) not working(not be inj). Also pinging it sometimes connection lost. Only thing what i need to do is wait and trust my luck?
Found stuff after much messing and hints on here.
Is the "gateway" meant to be running?
@bobthebadger said:
Not sure what it exactly is meant to be, but:
I anything tells you it was disabled, then someone broke the service, again, and you need to reset the machine (there should really be some kind of cronjob that periodically fixes the broken config file).
OSWE | GREM | OSCE | GASF | eJPT
Feel free to PM me your questions, but please explain what you tried, so far.
Type your comment> @HomeSen said:
Thanks, I try to avoid resets where possible, as I know how annoying they can be to everyone, but it it's broken.....I'll have to "turn it off and on again".
I try to avoid them, too. But it took me quite a long time to realize (or rather get pointed to the fact) that something that said it were disabled, should actually be enabled/available.
And when people follow a certain guide and use a certain readily available script, then things will break for everyone
OSWE | GREM | OSCE | GASF | eJPT
Feel free to PM me your questions, but please explain what you tried, so far.
Interesting box. Renew many things I thought I knew, but actually, I'm not :-).
Type your comment> @HomeSen said:
Definitely agree! This machine is pissing me off like anything else before! :-(
rooted the box, got root then user. thanks to creators for this great box.
pm me for help if you needed.
This box really tested my patience. It was a great learning experience, thx @ASHacker .
Spoiler Removed
I truly have no fucking clue how you guys are getting from the author page, to this H** thing. It's obvious from the comments here what the eventual service must be, but I don't see any link to it whatsoever when googling. Also, how is anyone even dirbing this box? I can run through like 800 words before each reset. Really annoying.
edit: God damn it, that was so obvious. How did I not see that.
For anyone else in the same boat: don't keep fuzzing the box. You know how usually in windows boxes you need to change your hosts file to something very similar to the box name, if not the name itself? Well, that doesnt exactly apply here.
Rooted. Very fun box, but I get the impression that I didn't follow the intended path, as I didn't get the user flag until I was root.
Not sure if possible but it would be awesome to disable the exploit that everyone is using which causes constant resets. It's very frustrating.
So, rooted.
Special thanks for privesc, now I know more
Feel free to pm me for hints.