I think the “Difficulty” column relates to the level of difficulty a little more But I get what you’re saying
I agree with both of you.
I think a lot of people new to HTB will try to start with this box because “its only 20 points, how hard can it be” and it is marked 5/10 (I thought it started out lower than that) with a lot of “easy” votes.
However, judging by the comments on this thread, questions I’ve been asked and the fact it took me nearly two days to get the first bit of code translation, I wouldn’t recommend this to new people. It isn’t a bad box, but there is a lot of it which is far from intuitive and not exactly what you’d expect from trying to own a box.
Yeah I agree, I would definitely send them to something like Jerry over this box to start out with
Agree that this is def. not a box for a new user … I put banged my head to just get user ,still researching root
Okay finally past all the decoding. A little initial fumbling with my web recon tools, plus googling, using ZAP, and keeping careful track of what I found and trying it, followed by more googling and landing on an awesome useful website and now… I’m ready to go get user. But first to sleep.
Edit: got user and now I have a couple of good tools to add to my hacker toolbox :-).
Got the addresses for system exit and /bin/sh I have the buffer size yet every single time for days and 1k attempts all it does is buffer overflow segfault no drop to root shell…wtf is going wrong.
@axle05 said:
Got the password idk*********. But not sure how to proceed from there. Any hint please?
You are near the user finish line. Finding where to use the password is one of the last steps.
I found the place to use this password. Unfortunately I’m stuck there now: I see 3 different vulns, but is quite certain those are for another version. Does this sound correct?
@axle05 said:
Got the password idk*********. But not sure how to proceed from there. Any hint please?
You are near the user finish line. Finding where to use the password is one of the last steps.
I found the place to use this password. Unfortunately I’m stuck there now: I see 3 different vulns, but is quite certain those are for another version. Does this sound correct?
There is most definitely a vulnerability that can be exploited.
@axle05 said:
Got the password idk*********. But not sure how to proceed from there. Any hint please?
You are near the user finish line. Finding where to use the password is one of the last steps.
I found the place to use this password. Unfortunately I’m stuck there now: I see 3 different vulns, but is quite certain those are for another version. Does this sound correct?
There is most definitely a vulnerability that can be exploited.
Hey. I got the idk password, and filled in the shell via csv file, but I can’t do anything and get the shell. Metasploit does not open the session, give a hint
How the heck do you see addresses without usual g** tool? I’ve tried with s***ce but I’m stuck. Anyone willing to PM me a pointer to the right tool? I’m not in a position to spin up another VM so I’d like to do it right on the box itself.
@LegendarySpork said:
How the heck do you see addresses without usual g** tool? I’ve tried with s***ce but I’m stuck. Anyone willing to PM me a pointer to the right tool? I’m not in a position to spin up another VM so I’d like to do it right on the box itself.
The TL;DR is that you don’t need to spin up another VM. If you don’t want to watch through the videos, just think about what exactly you need from g** and find the tools that get that information.
Edit: got root. Not hard, I just needed some rest. It turns out I have a system with the right architecture for development and I’ve even used the relevant tools before for debugging. I definitely would not want to try this without a system to do the development on.