Hint for Waldo

@JeanMichel said:
If you are stuck at the enumeration and you can only see “html” and “localhost”, imagine that the filter only delete “…/” of your request, but not the total string ^^, so it’s breakable, I didn’t use weird characters like %2e etc… It’s really easy ! Don’t think too much :stuck_out_tongue: Hope I helped someone

THANK YOU

Enjoyed this machine… Thanks to those who gave some great hints… Learned some new linux commands on this machine and some other techniques…

For those stuck on initial foothold: There are a couple of posts here, some with articles, that will help you out a lot!

For those stuck on the priv esc and steps before that, the key is research to what you have “access” to for the first part and then what can help you and you have access to to get what you need…

ARRRRG, back here again. I’m able to see the user.txt file, however there is a filter not allowing me to read it… how can I bypass it? or do something else? Am I going the wrong direction? PM me :slight_smile:

If you need help on initial access I’m ya guy!!! :-1: ) Working on privesc.

That’s something new for privesc. Wow!

I’m stuck. I tried a few things on transversal but I looks like i’m not experienced enough.
Could someone pm and explain me what I’m doing wrong?
THX

man I would love to know how people are broadcasting messages on this machine. thats cool… the ‘wall’ command won’t work for me

Spoiler Removed - Arrexel

Hi Im Having trouble on last stage of Priv Esc (hopefully). I have logged in as the M* user and have escaped, but reached a block. Any hints / nudges would be appreciated either here or by PM to avoid spoilers . Done the usual crontab, look for suid binaries, permissions seem good.

finaly got ROOOOT pffffffff
a lot of thing to learn

@Djinn45SQL99 said:
man I would love to know how people are broadcasting messages on this machine. thats cool… the ‘wall’ command won’t work for me

export PATH

Nice PrivEsc!!! I learnt something new about Linux and enjoyed this box very much. If you need hints feel free to PM me!

Can someone PM with with priv escalation? already logged in as m******

Looking for help with priv esc. I have mo***** but cannot escape limited shell.

Finally got root. Happy to help those who stuck to on priv esc.

WOOOW ■■■ root was achieved…
Learned a really cool new thing to check for during priv escalation. Also cool to know that this exists in linux.

PM if you need help guys Shout out to AcEb0mb3R for helping me get root!!!

HIi guyzz… i have the key, IK its the key which has to be used,
I am not able to remove the bad chars from it.
I tried curl command, tried removing manually, doesnt seem to be working.
:frowning:

got it :frowning: wasted a lot of time on this key

Hiya folks. Kinda stuck as the m*. i have escaped the shell and looking for clues.found some, but still stuck on what to do. Can someone pm me with a hint? Thanks!

Finally got root.txt - What a journey! Certainly a unique HTB…

Had great fun nonetheless - If anyone is incapable :wink: of priv esc or user drop me a quick message.