1st blood after (almost) 16 hours! Tough going here clearly - about the foothold, I was wondering about the possibility of contraband on the most trafficked port - would that be possibly a path to follow?? 'Cause I've fuzzed this baby like a motherfuzzer!!!! And...nada, nichts, rien, tipota and ingenting...nothing to see on the cool horizon of http-land...lost for now - any hint on initial direction?
Virtual hosting is not revealing anything for me at least. Any other pointers?
For asking help, please describe what you have tried so far, so i don't spoil too much.
If you believe i was able to help, please provide feedback by giving respect: https://www.hackthebox.eu/home/users/profile/122308
So, i'm currently logged in with h**k, found the vulnerability in se*****dates.*** and found a PoC for it but i can't get it to work. I appreciate any help on that matter
Hi, I have tried to get the initial foothold using VHostScan but with no result. Is this a rabbithole - I mean trying to use wordlist to get a valid subdomain. What is a better approach? thx
I had to stay awake for a long time but I finally won. Much analysis was required to reproduce the reverse step by step. Amazing. Thank you for this opportunity.
I was stumped on root here . EDITED TO ADD: Rooted now but that was hard.
I think I know what I need to do but I cant get it to work. It doesnt help that I cant seem to get it to give me any troubleshooting data. So there could be a lot wrong with what I am trying but I cant work out what
It doesn't help that the entry I am relying on seems to get wiped every few minutes!
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Comments
Hi
Hi
Hi
Any thing found
Two people have user. Damn! There goes my chances! ahahahaha
1st blood after (almost) 16 hours! Tough going here clearly - about the foothold, I was wondering about the possibility of contraband on the most trafficked port - would that be possibly a path to follow?? 'Cause I've fuzzed this baby like a motherfuzzer!!!! And...nada, nichts, rien, tipota and ingenting...nothing to see on the cool horizon of http-land...lost for now - any hint on initial direction?
Is it about virtual hosting
@Cmdking01 thank you!
Virtual hosting is not revealing anything for me at least. Any other pointers?
For asking help, please describe what you have tried so far, so i don't spoil too much.
If you believe i was able to help, please provide feedback by giving respect:
https://www.hackthebox.eu/home/users/profile/122308
Attack => *******.crossfit.htb/vendor/
403 Forbidden error
Type your comment> @solid5n4k3 said:
They are being funny
Always happy to help, DM me if you need anything!
Link to Profile
Funny like a clown

Quote from Goodfellas
They said piece of cake since they realised it's easy
So, i'm currently logged in with h**k, found the vulnerability in se*****dates.*** and found a PoC for it but i can't get it to work. I appreciate any help on that matter
EDIT: nvm! i got it
Hi, I have tried to get the initial foothold using VHostScan but with no result. Is this a rabbithole - I mean trying to use wordlist to get a valid subdomain. What is a better approach? thx
I am trying to find the inital foodhold I already tried to dirsearch, dirbuster ect. but do not find anything. Can someone point to a useful tool
rooted. The root part is crazy
OSCP | Sec+ | MCSE | VCP | CCNA
can someone help me with root. analyzing d---g file with ghidra found function p------_d---
what to do next. new to binary exploitation
I now have USER. big thanks to @justAhmed and @luca76.
Working towards root now
rooted. This was very fun, educational and challenging box. Big thanks to @justAhmed and @jkana101 for helping me along the way.
Spoiler Removed
I had to stay awake for a long time but I finally won. Much analysis was required to reproduce the reverse step by step. Amazing. Thank you for this opportunity.
does this machine have something to do with f** if so please help me out. Thank you!!
I can see why this is an insane machine.
I was stumped on root here
. EDITED TO ADD: Rooted now but that was hard.
I think I know what I need to do but I cant get it to work. It doesnt help that I cant seem to get it to give me any troubleshooting data. So there could be a lot wrong with what I am trying but I cant work out what
It doesn't help that the entry I am relying on seems to get wiped every few minutes!
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.