Port 80 is open on the machine. When I navigate to http://BOX-IP it redirects to "http://academy.htb/" but I am unable to reach that domain. I do not get any server response. Am I on the wrong track here?
Port 80 is open on the machine. When I navigate to http://BOX-IP it redirects to "http://academy.htb/" but I am unable to reach that domain. I do not get any server response. Am I on the wrong track here?
Then allow you system to resolve that name
GREM | OSCE | GASF | eJPT
Feel free to PM me your questions, but please explain what you tried, so far.
Just got user. Wasted around two hours digging through the wrong place. If you feel you're looking at the right stuff, but have information that doesn't work, maybe try looking around for something similar to what you have somewhere nearby.
Beating my head against the wall on foothold. Found a couple possibly relevant exploits to get RCE, but nothing I've tried is working. Would someone be able to send a nudge as to what I'm missing on the exploit?
Well, I'm back on HTB after a year and a half break and I am apparently really out of practice. I've gotten the L*****l debug page and have found a corresponding exploit via search*****t, but the exploit isn't working and I can't figure out why. Any nudges?
Well, I'm back on HTB after a year and a half break and I am apparently really out of practice. I've gotten the L*****l debug page and have found a corresponding exploit via search*****t, but the exploit isn't working and I can't figure out why. Any nudges?
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Nevermind! I got it! Foothold was probably the most awkward due to the paramter that's easy to miss and/or misunderstand. Awesome box! Path to root was pretty great.
Academy is one of the most funniest box i ever did. So congrats to its creator.
I have one question about the root path : is it possible to exploit the B**** S****** ? i try but it seems not vulnerable even if the version of the command seems. Maybe i did something wrong or the exploit i used was not the best.
That was a battle of will. Pretty easy box till you try to get user2. Missed what I should have found, but found it in the end. User2!, pay attention to groups and search google where things might get logged, then X*D will be your friend. Thanks egre55 and mrb3n, learned one valuable thing. Cheers
Comments
Port 80 is open on the machine. When I navigate to http://BOX-IP it redirects to "http://academy.htb/" but I am unable to reach that domain. I do not get any server response. Am I on the wrong track here?
@Megatron404 said:
Then allow you system to resolve that name
GREM | OSCE | GASF | eJPT
Feel free to PM me your questions, but please explain what you tried, so far.
just rooted the system..Things are right infront of your eyes.
Just got user. Wasted around two hours digging through the wrong place. If you feel you're looking at the right stuff, but have information that doesn't work, maybe try looking around for something similar to what you have somewhere nearby.
Beating my head against the wall on foothold. Found a couple possibly relevant exploits to get RCE, but nothing I've tried is working. Would someone be able to send a nudge as to what I'm missing on the exploit?
Well, I'm back on HTB after a year and a half break and I am apparently really out of practice. I've gotten the L*****l debug page and have found a corresponding exploit via search*****t, but the exploit isn't working and I can't figure out why. Any nudges?
@honorbound said:
Double check the options you have selected.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Rooted after a few days. In hindsight not complicated if you enumerate well enough.
PM me for nudge.
SMB1 disabled -- no workgroup available
help pls guys on my kali terminal
@Dessalegn said:
Is there an SMB port open? If you are talking about the Academy box (i.e. this thread), you might want to double check your nmap output.
Maybe try a different port.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Nevermind! I got it! Foothold was probably the most awkward due to the paramter that's easy to miss and/or misunderstand. Awesome box! Path to root was pretty great.
uid=0(root) gid=0(root) groups=0(root)
Got lost in the thread when I posted what was originally here XD
Rooted.
Academy is one of the most funniest box i ever did. So congrats to its creator.
I have one question about the root path : is it possible to exploit the B**** S****** ? i try but it seems not vulnerable even if the version of the command seems. Maybe i did something wrong or the exploit i used was not the best.
That was a battle of will. Pretty easy box till you try to get user2. Missed what I should have found, but found it in the end. User2!, pay attention to groups and search google where things might get logged, then X*D will be your friend. Thanks egre55 and mrb3n, learned one valuable thing. Cheers
SQL Injection module:
Q: In the 'titles' table, what is the number of records WHERE the employee number is greater than 200000 OR their title does NOT contain 'engineer'?
A: 404791 (wrong)
My query: select * from titles where emp_no>200000 OR title!='Engineer';
Edit: nevermind I got the solution.