Official CrossFit Discussion

Official discussion thread for CrossFit. Please do not post any spoilers or big hints.



  • Any thing found

  • *Spoiler Removed*


  • Two people have user. Damn! There goes my chances! ahahahaha

    Hack The Box

  • 1st blood after (almost) 16 hours! Tough going here clearly - about the foothold, I was wondering about the possibility of contraband on the most trafficked port - would that be possibly a path to follow?? 'Cause I've fuzzed this baby like a motherfuzzer!!!! And...nada, nichts, rien, tipota and ingenting...nothing to see on the cool horizon of http-land...lost for now - any hint on initial direction?

  • Is it about virtual hosting

  • Virtual hosting is not revealing anything for me at least. Any other pointers?

    For asking help, please describe what you have tried so far, so i don't spoil too much.
    If you believe i was able to help, please provide feedback by giving respect:

  • Attack => *******.crossfit.htb/vendor/

  • *******.crossfit.htb/vendor/
    403 Forbidden error

    Hack The Box

  • *******.crossfit.htb/vendor/****

    Hack The Box

  • How is root done after 9 hours of user, rated by two users as piece of cake?
  • Type your comment> @solid5n4k3 said:

    How is root done after 9 hours of user, rated by two users as piece of cake?

    They are being funny

    Always happy to help, DM me if you need anything!
    Link to Profile

  • Funny like a clown :D
    Quote from Goodfellas :)

  • They said piece of cake since they realised it's easy

  • it seems to me it may be vulnerable to XSS s****t2 i found the cve but i did not find POC that work, any idea?

    Hack The Box

  • edited September 2020

    So, i'm currently logged in with h**k, found the vulnerability in se*****dates.*** and found a PoC for it but i can't get it to work. I appreciate any help on that matter

    EDIT: nvm! i got it


  • Hi, I have tried to get the initial foothold using VHostScan but with no result. Is this a rabbithole - I mean trying to use wordlist to get a valid subdomain. What is a better approach? thx

  • I am trying to find the inital foodhold I already tried to dirsearch, dirbuster ect. but do not find anything. Can someone point to a useful tool :)

  • Could someone give me a little hint with the GET request to get a valid token? PM

    Hack The Box

  • rooted. The root part is crazy :)

    OSCP | Sec+ | MCSE | VCP | CCNA

  • edited October 2020

    can someone help me with root. analyzing d---g file with ghidra found function p------_d---
    what to do next. new to binary exploitation

  • I now have USER. big thanks to @justAhmed and @luca76.

    Working towards root now

    Hack The Box

  • rooted. This was very fun, educational and challenging box. Big thanks to @justAhmed and @jkana101 for helping me along the way.


  • Spoiler Removed

  • edited October 2020

    I had to stay awake for a long time but I finally won. Much analysis was required to reproduce the reverse step by step. Amazing. Thank you for this opportunity.


  • does this machine have something to do with f** if so please help me out. Thank you!!


  • edited November 2020

    I can see why this is an insane machine.

    I was stumped on root here :smile: . EDITED TO ADD: Rooted now but that was hard.

    I think I know what I need to do but I cant get it to work. It doesnt help that I cant seem to get it to give me any troubleshooting data. So there could be a lot wrong with what I am trying but I cant work out what :frowning:

    It doesn't help that the entry I am relying on seems to get wiped every few minutes!



    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

Sign In to comment.