Official Academy Discussion

1111213141517»

Comments

  • Port 80 is open on the machine. When I navigate to http://BOX-IP it redirects to "http://academy.htb/" but I am unable to reach that domain. I do not get any server response. Am I on the wrong track here?

  • @Megatron404 said:

    Port 80 is open on the machine. When I navigate to http://BOX-IP it redirects to "http://academy.htb/" but I am unable to reach that domain. I do not get any server response. Am I on the wrong track here?

    Then allow you system to resolve that name ;)


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

    Currently busy with AWAE

  • just rooted the system..Things are right infront of your eyes.

  • Just got user. Wasted around two hours digging through the wrong place. If you feel you're looking at the right stuff, but have information that doesn't work, maybe try looking around for something similar to what you have somewhere nearby.

  • Beating my head against the wall on foothold. Found a couple possibly relevant exploits to get RCE, but nothing I've tried is working. Would someone be able to send a nudge as to what I'm missing on the exploit?

  • Well, I'm back on HTB after a year and a half break and I am apparently really out of practice. I've gotten the L*****l debug page and have found a corresponding exploit via search*****t, but the exploit isn't working and I can't figure out why. Any nudges?

  • @honorbound said:

    Well, I'm back on HTB after a year and a half break and I am apparently really out of practice. I've gotten the L*****l debug page and have found a corresponding exploit via search*****t, but the exploit isn't working and I can't figure out why. Any nudges?

    Double check the options you have selected.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Rooted after a few days. In hindsight not complicated if you enumerate well enough.

    PM me for nudge.

  • edited February 26

    SMB1 disabled -- no workgroup available
    help pls guys on my kali terminal

  • @Dessalegn said:

    SMB1 disabled -- no workgroup available

    Is there an SMB port open? If you are talking about the Academy box (i.e. this thread), you might want to double check your nmap output.

    help pls guys on my kali terminal

    Maybe try a different port.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Nevermind! I got it! Foothold was probably the most awkward due to the paramter that's easy to miss and/or misunderstand. Awesome box! Path to root was pretty great.

    uid=0(root) gid=0(root) groups=0(root)

  • edited February 26

    Got lost in the thread when I posted what was originally here XD

  • Rooted.

    Academy is one of the most funniest box i ever did. So congrats to its creator.

    I have one question about the root path : is it possible to exploit the B**** S****** ? i try but it seems not vulnerable even if the version of the command seems. Maybe i did something wrong or the exploit i used was not the best.

  • That was a battle of will. Pretty easy box till you try to get user2. Missed what I should have found, but found it in the end. User2!, pay attention to groups and search google where things might get logged, then X*D will be your friend. Thanks egre55 and mrb3n, learned one valuable thing. Cheers

  • edited April 3

    SQL Injection module:

    Q: In the 'titles' table, what is the number of records WHERE the employee number is greater than 200000 OR their title does NOT contain 'engineer'?

    A: 404791 (wrong)

    My query: select * from titles where emp_no>200000 OR title!='Engineer';

    Edit: nevermind I got the solution.

Sign In to comment.