Curling

HTB Content Machines
195

@opt1kz said:

@galoryber said:
Exactly this. I’m here to learn before taking my OSCP course in the new year. The machines I’ve already done are very easy retro-respectively. Learning how to get there though… there is a lot of ground to cover.

You guys aren’t wrong by any stretch of the imagination. I can see why this box would be difficult for someone just starting out. I can’t speak for Frey, but, personally, I’m having a very difficult time trying to come up with hints that wouldn’t just be outright spoilers.

But that may very well be the disconnect between those with less experience and those with more experience; to me it seems like any hint I provide would be a spoiler, but if the person I’m providing that hint to isn’t already in my headspace… It might not even be useful to them. But it could also be spoonfeeding a third party reading the hint who’s in between us as far as skill/experience goes. So it’s a very difficult issue to navigate.

I think this is also why you see so many people just saying the same, tired ■■■■ over and over on this forum. “Enumerate more”, “try harder”, etc.

TL/DR: I don’t think anyone is trying to be intentionally unhelpful.

Hint for stage one: Enumerate. Examine everything (including page sources) and look for common file extensions. Everything you need to login is literally right there in front of you. Once you’ve logged in, you may need to research a bit before you figure out how to execute commands on the system, but it is very, very simple.

Hint for stage two (user): Again, it’s in your face. No tricks. If the first few bytes of the file look familiar, that’s because they are. If they aren’t, Google them. Either way, figure out how to transform the data into something else, and then repeat. Eventually you’ll end up with a plaintext something-or-other that you’ll (hopefully) know what to do with.

Hint for stage three (root): There’s something going on close by. You don’t need to venture very far. Figure out what’s going on and leverage it. Be patient. Examine the environment.

Any idea/track for the file backup?