Official Buff Discussion

Official discussion thread for Buff. Please do not post any spoilers or big hints.

«13456716

Comments

  • edited July 18

    here we go! this is my first Blood attempt!

  • edited July 18

    (Sorry, bad post)

    choupit0

  • edited July 18

    user blood already !

  • user was easy :)

  • Type your comment> @HeyIamNoob said:

    user was easy :)

    depends for who

  • User is easy

  • I was trying to find things by navigating to /a...n but don't know where to go from there. Would be really helpful if someone could give me a nudge in the right direction

  • Oh shit i forgot this was about to release!

  • um, did anyone find the link the bottom of the ad*** page goes to a site linked to malware?

    Malware Link:
    http://skymbu.info/ (dont go to)

  • Type your comment> @aksofar said:

    I was trying to find things by navigating to /a...n but don't know where to go from there. Would be really helpful if someone could give me a nudge in the right direction

    2 hours in? Try some things out? Enum a bit more.

  • edited July 18

    Rooted! Fun and easy box! Too easy... But well take it after RopeTwo and Intense! :-) PM for nudge.... if you have really tried! There is no big challenge.... you should be able by yourself...

  • Beginner friendly box. Path to both user and root are clear with basic enum. Root stage might require some patience if there are multiple people on the box.

    Arrexel

  • come on guys, we can do it. Let's break the machine reset world record.

  • A very nice and Easy Windows box, User is unbelievable easy and Root is a nice path if you just enum a bit.

  • C:\Users\Administrator\Desktop>hostname && whoami
    hostname && whoami
    BUFF
    buff\administrator

    Rooted. Fun box. For those studying for OSCP, this is a good one to execute one of the essential skills.

    User: Standard enumeration of a service. Google will tell you how to proceed. Someone has even done the hard work for you. Now upgrade.

    Root: More enumeration. A usual location holds something important. Google some more. Look at the code, modify as needed. Before you proceed, look around again. Maybe things look different on the inside.

    limelight

  • edited July 18

    User after 10min... probably the easiest box here ever.

    I didn't consider trying First Blood but started at 12:00 a.m.

    Please excuse me while I drink a nice can of gasoline and then smoke a cigar.

    ಥ_ಥ

    Hack The Box

    BYONC (Don't steal, my T-Shirt)

  • Don't get stuck in rabbitholes.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • edited July 19

    Is the cloud thing a rabbithole?

    Edit:
    Thanks @Caracal . I just got root after I post this. I guess the machine was in weird state and someone reverted it. And then I got the root shell by using the same attack.

    Zhe0ops

  • edited July 19

    Type your comment> @zhe0ops said:

    Is the cloud thing a rabbithole?

    The logo and name of the box should help u to answer that question :)
    Easy box but fun, thanks @egotisticalSW.

    'These violent delights have violent ends'

  • any nudge for user

  • edited July 19

    Very Easy User in an Easy box finally

  • rooted. Very easy box :) DM if you need help

    jkana101
    OSCP | Sec+ | MCSE | VCP | CCNA

  • Yah, user is super easy. Could have got it in less than 3 minutes.

    lmakonem

    If I helped you out at all, feel free to click my badge and give +1 respect!

    My youtube tutorials: https://www.youtube.com/channel/UCXPdZsu8g1nKerd-o5A75vA

  • Type your comment> @GordonFreeman said:

    um, did anyone find the link the bottom of the ad*** page goes to a site linked to malware?

    Malware Link:
    http://skymbu.info/ (dont go to)

    Not really, looks like a parked domain.

  • It seems that PoC for privesc is written in Python but Python is not installed on the host...
    I feel like I'm looking at the right service based on box name and logo (as mentioned by @Caracal ) I wonder what I am missing.

  • Type your comment> @civility0 said:

    It seems that PoC for privesc is written in Python but Python is not installed on the host...
    I feel like I'm looking at the right service based on box name and logo (as mentioned by @Caracal ) I wonder what I am missing.

    Maybe plxxk.exe

  • Rooted! Easiest box on HTB by far. Thanks to creator!

    alt text

  • Type your comment> @civility0 said:

    It seems that PoC for privesc is written in Python but Python is not installed on the host...
    I feel like I'm looking at the right service based on box name and logo (as mentioned by @Caracal ) I wonder what I am missing.

    It's not because something is not installed on the machine that u necessarily need it.
    You want to access something on the inside, but from the outside, what can you do ?

    Some basic windows utilities can help you, or just find the right tool ;)

    'These violent delights have violent ends'

  • Rooted! Great box, very easy.
    Both user and root are really simple, although root can be a bit difficult to "set up"

  • Apparently "whoami" is malicious :D

    PS C:\Users> whoami
    whoami
    At line:1 char:1

    • whoami
    • ~~
      This script contains malicious content and has been blocked by your antivirus software.
      • CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
      • FullyQualifiedErrorId : ScriptContainedMaliciousContent

    Hack The Box

    BYONC (Don't steal, my T-Shirt)

Sign In to comment.