@pzylence Already been working on the next one. It’s just going through testing right now, but should be ready to submit in a couple of weeks after I get time to write the walkthrough for the HTB mods.
Also, if you enjoyed my work, check out the boxes I’ve already put up on VulnHub.
I like this really interesting box and was able to obtain the flags. However, I couldn’t get a root shell. Probably because I’m concentrating too much on the delicious sauce. Is it possible to gain a root shell with the sauce or do I need a different approach?
PM is welcome.
I got the login on the first try, so that is definitely a rabbit hole. I started to enumerate more and got something; that something I enumerated with something else. There are some vulnerabilities but I have not worked out how to exploit it mm…
That being said, be careful, this machine has too many rabbit holes…
The box is intended to be a TryHarder style lesson in the following…
- 1. Do full enum process of everything first.
- 2. Don’t dive right into the first thing you see.
- 3. Check for false positives and false negatives.
- 4. In real-world pentesting (the whole point of practicing in HTB?) not everything is useful.
- 5. Don’t be a re’tar``tar…
After every post of yours where retartar is mentioned, I feel even worse about myself, wasting time on rabbit holes. At least I got user.
Still no root though.
maybe re, tar, tar isn’t an insult…
…maybe…
…just maybe…
…it’s…
..shhhhh.
(whispers) … a clue.?
lol you’re just giving out too many clues haha
I am stuck on using something to read something and get a flag, maybe tar, something else lol
Rooted! Wow that was a tough priv esc but so cleverly put together! Mad props to the makers even if @3mrgnc3 is an absolute troll lol. PM me if anyone needs a hint at any stage of the box.
@smit2300 said:
Rooted! Wow that was a tough priv esc but so cleverly put together! Mad props to the makers even if @3mrgnc3 is an absolute troll lol. PM me if anyone needs a hint at any stage of the box.
Hi, I feel completely stupid, I’ve been stuck for a week trying to get inside this box.
I’ve enumerated all the directories listed in robots.txt and found an app that seems like a dead end even though I can access it as an admin.
I’ve found another application with a login page that seems to be broken but can be easily fixed; found the username through its API and tried every password that has come into my mind without luck, tried brute forcing it but every attempt takes forever and it has some kind of anti brute force system, I’ve even tried using system.multicall…
I’m going crazy, can anyone give me a hand?
@Relwarc17 said:
Hi, I feel completely stupid, I’ve been stuck for a week trying to get inside this box.
I’ve enumerated all the directories listed in robots.txt and found an app that seems like a dead end even though I can access it as an admin.
I’ve found another application with a login page that seems to be broken but can be easily fixed; found the username through its API and tried every password that has come into my mind without luck, tried brute forcing it but every attempt takes forever and it has some kind of anti brute force system, I’ve even tried using system.multicall…
I’m going crazy, can anyone give me a hand?
Yup, I’m in exactly the same spot here.
Given how many have solved it, it’s got to be something fairly obvious. Keep coming back to ‘re’,‘tar’,‘tar’ as the hint but what I’ve tried hasn’t worked so far.
@Relwarc17 @bobthebuilder As somebody said in this discussion earlier: Maybe you don’t need the password for the other app. When this app is vulnerable, what are typical attack vectors? How could you enumerate those despite the app being broken? There are several ways to spot the interesting thing - focus on the interfaces that are not broken, use the tool that brought you here again, …
@kekra said: @Relwarc17 @bobthebuilder As somebody said in this discussion earlier: Maybe you don’t need the password for the other app. When this app is vulnerable, what are typical attack vectors? How could you enumerate those despite the app being broken? There are several ways to spot the interesting thing - focus on the interfaces that are not broken, use the tool that brought you here again, …
Thanks for the tip @kekra. Went back and ran everything again (this time through my proxy to verify) and the tool showed what I was looking for and now have shell. Now on to user/root.
Like everyone else, I’m stuck on the priv esc…I can see what’s happening and I can “break” the “process” but I have no idea how to get code execution from all this.