Official BountyHunter Discussion

Official discussion thread for BountyHunter. Please do not post any spoilers or big hints.

«1345

Comments

  • This is gonna be my first time playing a machine at release, I'm really excited!

  • Seems like all the open ports are dead... Is there something wrong with the box?

  • any hint?

  • Managed to enum all users on box, identified the target user and also a hint to an application running on the box.

    No idea where to go next with this now - anyone got a hint?

  • Type your comment> @TheIntersect said:

    Managed to enum all users on box, identified the target user and also a hint to an application running on the box.

    No idea where to go next with this now - anyone got a hint?

    I would suggest you see what other files are out there... Some have been hinted on that port

  • edited July 24

    Rooted. Excellent beginner box. If you're stuck, maybe research OWASP top 10

    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    
  • Rooted !!! Look good at the files on the host... you will find a hint on them then google it... For root, just analyze the script to create your own thing corresponding to all the checks...

  • # id;whoami;hostname
    uid=0(root) gid=0(root) groups=0(root)
    root
    bountyhunter
    smooth box and refreshing

  • Figuring out how to get my foothold took a WHILE! I screwed up on my exploit and it made it so things didn't work like it should have.
    User/foothold:
    If you found the WASP, you're on the right track. You should have found something worth reading during your regular enumeration of a website (it's always nice to see what's out there). You need to carefully direct the WASP to check out that interesting find from your enumeration... This should get you in the system as user
    Root:
    BASIC enumeration should lead you where you need to be. Hopefully you know how to handle snakes...

  • root this box.. pretty easy machine and very ctf like i mean...
    PM if need a nudge

  • edited July 25

    A lot of fun!

    Definitely more easy-medium than easy, but I liked it a lot since a machine that's too point-and-shoot can feel a bit meaningless. The foothold was a good introduction to that particular type of vuln, and privesc was straightforward while still requiring a tiny bit of work to determine what was needed.

    Don't bother with hints beyond the aforementioned "OWASP Top-10" on this one, it's fairly easy for a beginner - some googling will get you there :)

  • Type your comment> @sharkmoos said:

    Rooted. Excellent beginner box. If you're stuck, maybe research OWASP top 10

    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    

    I think you are a cheater. How did you rooted 12 challenges for like a minute?? ahahah busted RAIDFORUMS scriptkiddies lol

  • need some nudges and ideas, i got the list of all users and also db user & password, now i stucked. i cant find any sql neither ssh password.

  • edited July 25

    Type your comment> @1z3n said:

    Type your comment> @sharkmoos said:

    Rooted. Excellent beginner box. If you're stuck, maybe research OWASP top 10

    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    

    I think you are a cheater. How did you rooted 12 challenges for like a minute?? ahahah busted RAIDFORUMS scriptkiddies lol

    You can think whatever you want. idk what RAIDFORUMS is but sure lol. Probs wouldn't be posting on the forums helping fellow players if I was cheating though.

    No idea what your're talking about with the challenges. Jealous people will be jealous I guess

  • edited July 25

    Spoiler Removed

  • Spoiler Removed

  • Spoiler Removed

  • edited July 28

    I am not really sure what is going on with this discussion. It is on the edge of being inappropriate for a discussion around a specific box.

    In general, if you feel someone is cheating then reporting it to the HTB team is probably the best approach (I don't know, maybe a Direct Message to one of the admins on here or on discord). I only really get involved around the forums and behaviour here.

    It is probably not a sensible thing to accuse people in general threads, because it is going to be pretty difficult to prove.

    While I don't want people to think I've taken a side here, I don't know where the accusation has come from. There isn't anything strange on @sharkmoos profile that I can see.
    image
    I don't see any examples of "12 challenges in a minute", or anything that seems unusual.

    I'd also be cautious around assuming the same username is the same person on different platforms. Although in this instance it does look strange that the sharkmoos account on Raidforums appears to have vanished. I'd still be very wary of using that as evidence they are the same person and that it means cheating has happened.

    For example, how did you know that the account was posting in HTB discussions on Raidforums?

    It's a very dangerous path to head down. Raidforums has a lot more than the HTB board (and most people working in any CTI type role will use it a lot). If you think people checking out threads there are automatically cheating, then you can only find out they are cheating by cheating yourself.

    tl;dr - keep the thread focused on the box or posts will be deleted in future.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited July 28

    Spoiler Removed

  • Type your comment> @DemChuck said:

    need some nudges and ideas, i got the list of all users and also db user & password, now i stucked. i cant find any sql neither ssh password.

    If you have a password and a list of users, try using those to get into the system. There is more than port 80 to get in.

  • Type your comment> @obfucipher said:

    Type your comment> @DemChuck said:

    need some nudges and ideas, i got the list of all users and also db user & password, now i stucked. i cant find any sql neither ssh password.

    If you have a password and a list of users, try using those to get into the system. There is more than port 80 to get in.

    thank you so much!

  • Type your comment> @DemChuck said:

    Type your comment> @obfucipher said:

    Type your comment> @DemChuck said:

    need some nudges and ideas, i got the list of all users and also db user & password, now i stucked. i cant find any sql neither ssh password.

    If you have a password and a list of users, try using those to get into the system. There is more than port 80 to get in.

    thank you so much!

    Happy to help :)

  • i'm stuck at the very beginning any help?

  • Nice and easy box. I would recommend this to beginners who are starting at HTB.
    Hints:
    User: what you have (enumerated) will be needed once you get the vul.
    Root: You know what you have to do (mostly) when you have the SSH of an easy box.
    read it, understand it, get the root flag.
    Discord - luckythandel#6053

  • I feel like I'm blowin' in on all nmap scans thus far. I'm getting nothing useful from them. As to the WASP comments, I see what could be a "thing", but thus far haven't been able to get any"thing" to work. burps.

  • [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)

    thx!

    joelblack

  • Where are the server files on the machine?

  • edited July 25

    Hello, I'm stuck. I found a vulnerability. I have read the database configuration file and the classic /passwd, but now I'm stuck. Some advice?

  • Type your comment> @hum4N3rd said:

    Hello, I'm stuck. I found a vulnerability. I have read the database configuration file and the classic /passwd, but now I'm stuck. Some advice?

    Sent you a message

  • This was a fun beginner box for me. Reminded me I need to enumerate more and was good exposure to an attack vector I haven't gotten to play with yet.

    User:
    Good enumeration will give you most of what you need. The attack vector could be a little tricky if it's your first time, but googling cheat sheets will help.

    Root:
    Pretty easy to figure out what needs to be done as the instructions are very clear. The implementation can be tricky but google and trial and error are enough to get it done.

    Feel free to PM for nudge

Sign In to comment.