Officially unable to get foothold. Messed around with o******s with no luck despite the multiple CVEs out there. There is information I'm unable to find out to make them (it) work.
Anyone else having problems enumerating? Nothing nmap is working, tried netcat too and get 'no route to host' for everything...reset the box; same result...??
solved; had to specify the interface for some reason it didn't go to my tunnel this time.
Rooted!
Really fun box honestly, the ratings don't do it justice.
Concentrate and read everything carefully. Once it clicks you'll feel really dumb.
Rooting was also super simple, just a case of careful enumeration.
user was really cool! I figured it out while I was tryna ask for a hint. I had to write down where I was stuck, what I've tried, and what I might think will work, and then it clicked to me where I went wrong.
Tip: If you're stuck, try to do the same as me. Write down what your problem in detail and what you've already tried, as if you're explaining it to someone who is trying to help you. Maybe something will click for you too
Really struggling with foothold. Tried uploading files, and I think that there must be a way to get into the generated @ from o*****t on m********t. Any nudge would be really appreciated as I'm very much a beginner.
Really struggling with foothold. Tried uploading files, and I think that there must be a way to get into the generated @ from o*****t on m********t. Any nudge would be really appreciated as I'm very much a beginner.
Have you read everything in the first page?
if yes, did you read the info after you create ticket?
Really struggling with foothold. Tried uploading files, and I think that there must be a way to get into the generated @ from o*****t on m********t. Any nudge would be really appreciated as I'm very much a beginner.
Have you read everything in the first page?
if yes, did you read the info after you create ticket?
yep, I can see that a @ related to the t***** is generated, and that it will be valid on m*********. I did think about trying to brute with common creds but that always seems like the wrong approach for htb, and i looked for default ones, but I could find any. Am I missing something obvious?
Really struggling with foothold. Tried uploading files, and I think that there must be a way to get into the generated @ from o*****t on m********t. Any nudge would be really appreciated as I'm very much a beginner.
Have you read everything in the first page?
if yes, did you read the info after you create ticket?
yep, I can see that a @ related to the t***** is generated, and that it will be valid on m*********. I did think about trying to brute with common creds but that always seems like the wrong approach for htb, and i looked for default ones, but I could find any. Am I missing something obvious?
Read the info closer, what does that @ do? Read the hints and think about how the everything pieces together.
Really struggling with foothold. Tried uploading files, and I think that there must be a way to get into the generated @ from o*****t on m********t. Any nudge would be really appreciated as I'm very much a beginner.
Have you read everything in the first page?
if yes, did you read the info after you create ticket?
yep, I can see that a @ related to the t***** is generated, and that it will be valid on m*********. I did think about trying to brute with common creds but that always seems like the wrong approach for htb, and i looked for default ones, but I could find any. Am I missing something obvious?
Read the info closer, what does that @ do? Read the hints and think about how the everything pieces together.
Surely it isn't actually actually updating the info at the @? Can I PM you? I'm now even more confused
Really struggling with foothold. Tried uploading files, and I think that there must be a way to get into the generated @ from o*****t on m********t. Any nudge would be really appreciated as I'm very much a beginner.
Have you read everything in the first page?
if yes, did you read the info after you create ticket?
yep, I can see that a @ related to the t***** is generated, and that it will be valid on m*********. I did think about trying to brute with common creds but that always seems like the wrong approach for htb, and i looked for default ones, but I could find any. Am I missing something obvious?
Read the info closer, what does that @ do? Read the hints and think about how the everything pieces together.
Surely it isn't actually actually updating the info at the @? Can I PM you? I'm now even more confused
Rooted!
foothold + user: this part show the importance of writing down what you know and what you need; maybe you already have access to what you need...
root: follow the hints
Comments
Not able to access the machine !
Spawning for 15 minutes now...zzzzz..... anyone able to access this box?
Just started responding
one more time ! its not a EASY BOX !!! its impossible learn
I'm trying to create accounts, but I never receive the confirmation mail. Anyone with the same issue?
None of the boxes are connected to the internet as far as I know email wont work! Someone correct me if I am wrong.
Been trying some CVE's for X** in the low port for a while now with no luck... Is this a rabbit hole?
Type your comment> @chubbyBoi said:
same here, I tried a bunch of them, I also tried to upload a file to get a shell but nothing
Do we need to bruteforce some forms in webpage ?
https://www.xanhacks.xyz/
Officially unable to get foothold. Messed around with o******s with no luck despite the multiple CVEs out there. There is information I'm unable to find out to make them (it) work.
any nudge plz?
Rooted ! Nice Box. Easy if you take time to read.
If you PM me, please explain the situation. If you think this is a spoiler, flag it.
There we go! Root!
Really fun box. Would definitely have taken me a lot longer if I hadn't recognized the foothold from some article a year or so ago.
Anyone else having problems enumerating? Nothing nmap is working, tried netcat too and get 'no route to host' for everything...reset the box; same result...??
solved; had to specify the interface for some reason it didn't go to my tunnel this time.
If you are stuck, make sure you read everything. If you are still really stuck, DM me for a little nudge.
Rooted!
Really fun box honestly, the ratings don't do it justice.
Concentrate and read everything carefully. Once it clicks you'll feel really dumb.
Rooting was also super simple, just a case of careful enumeration.
user was really cool! I figured it out while I was tryna ask for a hint. I had to write down where I was stuck, what I've tried, and what I might think will work, and then it clicked to me where I went wrong.
Tip: If you're stuck, try to do the same as me. Write down what your problem in detail and what you've already tried, as if you're explaining it to someone who is trying to help you. Maybe something will click for you too
I'm stuck after the user flag.
i don't know what to do with c****.j**n
Any hint please?
Really struggling with foothold. Tried uploading files, and I think that there must be a way to get into the generated @ from o*****t on m********t. Any nudge would be really appreciated as I'm very much a beginner.
Type your comment> @menis said:
Have you read everything in the first page?
if yes, did you read the info after you create ticket?
Type your comment> @Faisallkhann said:
yep, I can see that a @ related to the t***** is generated, and that it will be valid on m*********. I did think about trying to brute with common creds but that always seems like the wrong approach for htb, and i looked for default ones, but I could find any. Am I missing something obvious?
Type your comment> @menis said:
Read the info closer, what does that @ do? Read the hints and think about how the everything pieces together.
Think about what is stored in there? Which services does the platform use?
Type your comment> @edyun said:
Surely it isn't actually actually updating the info at the @? Can I PM you? I'm now even more confused
Type your comment> @menis said:
For sure, PM me.
Rooted!
foothold + user: this part show the importance of writing down what you know and what you need; maybe you already have access to what you need...
root: follow the hints
Got user, working on root now...So far it seems pretty straightforward, but lets see if I'm able to apply the "hint"
can I get a sanity check if anyone is available please PM me
Never mind I have user now. I was trying the right way on the wrong thing
Got user
With root, how can i find out ****?. I think we should find out ****.....Rooted!