@ASHacker said:
Hello everyone, this is my first time solving any machine (Carrier) on HTB, so I need your help.
I have found a unique port 161 but it’s not opening in the browser. I am trying to enumerate this but no clue…
And I found the ‘error_codes.pdf’ file, from which I got the clue that the password is some serial no., but I also don’t know how to get that…
Can anyone give me a hint about what to do next?
I’ve been able to get a reverse shell, although I don’t really understand why I spawned into this machine and not on the web server (maybe I’m in a VM).
I think the next step is to find some info on the server on the subnet which is given in the ticket. However, when I log in with FTP, it’s empty. I really don’t know what to do.
@nessaj said:
I’ve been able to get a reverse shell, although I don’t really understand why I spawned into this machine and not on the web server (maybe I’m in a VM).
The web server does not execute the code on its machine. There is a persistent SSH connection from the internal host to the web server, and the web server sends the commands you give it through the SSH tunnel to this other host.
So your RCE is basically being funneled to another machine.
Cool. Got user with RCE. Now to move on to root. PM me if you need hints with user… but yeah, RCE is all you need, then you just need to “locate” the file.
I have a shell, got user.txt, I’m ‘root’, I’m pretty far, but stuck at privesc. I’ve read that it’s a must to have knowledge about CCNA routing/switching. Maybe someone would like to teach me a bit.
Guys, the root is brain F**K and I don’t know why the review is so low. The difficulty is 10/10… You have to have CCNP to solve it. Even if you have CCNA you will not find the answer. Please be more objective when reviewing a machine.
Finally obtained root flag. Awesome machine. I am just a month old in HTB and this was the hardest machine for me. Really learnt a lot. Special thanks to @tobor and @Tract0r for helping out. PM for hints if needed.
Got root. Such an asymmetric box… got user in about 20 mins (half of that waiting for the nmap scan). Took a couple of tries to get root. Let’s just say that you need to brush up on networking. There was an earlier comment saying you need your CCNP, I’d say it’s not that extreme if you’ve hung around corporates for a bit and have been on the technical side, but if you haven’t had any network exposure I’d suggest reading up on different forms of network abuse. Hark back to your uni days and think on the OSI model, look at the tickets on the dashboard, and you should start to piece things together.
Happy to give out oblique and barely understandable hints via PM…