Carrier

Hint for privs. I have some problem with F***** service in IP discovered

@n1b1ru said:
Hint for privs. I have some problem with F***** service in IP discovered

Clear. The problem was with B*P. Same point

Anyone available to discuss about privsec? I’m almost there, but still stucked :angry:

This was a tough box.

@tobor said:
This was a tough box.

You’re right so tough. Anyway it’s very interesting in order to learn more and more

I would love a DM if anyone has a chance. I’ve got the qa b terminal and am trying to access a special service for VIPs. I can communicate, but can’t figure out how to receive information. I know I am 99% there, but don’t understand how to edit configs for h***k

@l30n said:

@jackshd said:
someone is available on PM, i can enumerate the 1*1 port but i can’t get the SN.
i treid several tools, with several options without success.

Hint : sometime you just need to learn from Simple Natural Mistake and Walk in the crowed Public with them. Make sure you use the right shoe Version.

The hint was for the webapp. Not at user yet. Anyone help?

Can anyone help me with the privesc?

I already know the services that are running, not actually sure what i need to do now.

wow that was hard but I finally finished privsec…thanks for the confirmation that I was headed in the right direction and guidance @testacl !!

Stuck at RCE, I’ve tried numerous ways trying to modify c***K but nothing seems to grab. Could use a pm nudge if anyone is willing to help out :slight_smile:

Rooted. Definitely one of the best boxes on the HtB platform. Feel free to PM me for any hints on Priv Esc/anything else; a decently strong foundational knowledge of networking is a must for the priv esc.

Hello!!! From the Diagnostics page I’ve found the user…I’m trying to understand how to login :smiley: I’m a newbie, not expert in web exploitation :frowning:

@lantuin said:
Hello!!! From the Diagnostics page I’ve found the user…I’m trying to understand how to login :smiley: I’m a newbie, not expert in web exploitation :frowning:

Ok, I’ve discovered the RCE. I’m trying to do a reverse shell without success!!

U> @lantuin said:

@lantuin said:
Hello!!! From the Diagnostics page I’ve found the user…I’m trying to understand how to login :smiley: I’m a newbie, not expert in web exploitation :frowning:

Ok, I’ve discovered the RCE. I’m trying to do a reverse shell without success!!

Do you get a NC response at all? I used lower port and was getting a failed shell.

I got root as a user in my reverse shell. I am assuming that the root flag is not in the root user location since I found the user.txt as root but no root.txt? Anyone else get this?

@l30n said:
I got root as a user in my reverse shell. I am assuming that the root flag is not in the root user location since I found the user.txt as root but no root.txt? Anyone else get this?

This is normal. The princess is in a different castle.

@tty said:

@l30n said:
I got root as a user in my reverse shell. I am assuming that the root flag is not in the root user location since I found the user.txt as root but no root.txt? Anyone else get this?

This is normal. The princess is in a different castle.

Nice!

Awesome, hints helped a lot thank you so much @bokanrb , looking forward for more help hahaha :slight_smile:

@l30n said:
U> @lantuin said:

@lantuin said:
Hello!!! From the Diagnostics page I’ve found the user…I’m trying to understand how to login :smiley: I’m a newbie, not expert in web exploitation :frowning:

Ok, I’ve discovered the RCE. I’m trying to do a reverse shell without success!!

Do you get a NC response at all? I used lower port and was getting a failed shell.

Yes I’ve got it!!! Now I’m going to privilege escalation. I’ve just found another interesting access…

FOUND the princess in the different castle!!! Very very funny, this is my first privilege escalation!!! :slight_smile: I’m veeeeeery happy. Thank you everybody!!!

EDIT: I’ve found the user.txt in the different castle. Now I’m going to look for the root.txt