Jerry

Hi Can a friend help me ? I found a username password but it isn’t true complete

If it wasnt for the issues with logging in I would have solved this one in un der 10 minutes as many people have mentioned. Very easy box, all the answers are available through enumeration and quick google search if your not familiar.

Easiest box so far, i did on htb!!! definitely a good box to start for beginners, any doubts you can DM me or hit me up on discord [ Ruthvik#7626 ]

Dear everyone messing with the password. Why?

PM me, need help past the manager GUI

im starting to think that there is a malfunction with the machine. after reset with 30 sec the credentials got changed. admins should check this one out. and if it turns out that someone is changing the password. they should ban him for at least a week

ok who thinks that HTB admins are changing the password on purpose for people to buy VIP Services? i mean no one is that fast to change the password in 30 sec after reset

I was able to auth to the page once for around 15 seconds.

I use vip. There aren’t that problems.

Just pwned Jerry before nmap had finished :confused: The mouse was meant to be the smart one.

@smjogi said:
I use vip. There aren’t that problems.

yeah thats what i mean. these machines are made like this so we buy VIP services

just rooted. this machine should be rooted in < 10 min. however it took me 2 hours because either someone is changing the passwords. or its designed so that the password keeps changing on free services. GG!!

Horrible. In in like 10 min and cant open the flag. I’ll have to come back to it when it settles down.

In this box you must be quick as Jerry ! :slight_smile:
this box on vpn free was a mad house.

Just saw 10 resets being requested in ~15 minutes…

To everyone voting this machine as lame: I have seen a LOT of websites similar to this in “production” environments. This is an easy CTF but represents a decent segment of real world websites.

@J3rryBl4nks said:
To everyone voting this machine as lame: I have seen a LOT of websites similar to this in “production” environments. This is an easy CTF but represents a decent segment of real world websites.

I don’t think that the machine is voted as lame because it’s an easy machine. I suppose that happens because it’s very unstable and the password changes very often. Also with so many resets it’s very difficult for someone that already has access to even get the flags.

So I found the username and password for the web interface but I can’t figure out how to get a shell from this. The exploits complete but no session is created. I know there might be a way to cause a netcat session to open by manipulating the management interface but I’m lost for how to get this done.

I’ve tried every default password I could find along with every combination of t&j i could think of. Not sure if i am way off or if i’m not trying hard enough. frustrating none the less

Pm if you need @n0bf & @royc3r