SecNotes

@KuroiKuro said:
Can someone PM me a hint on how to solve the 500 error for the initial foothold? I think my query is wrong but I have no idea how to modify it to bypass the error

I have same issue.
can anyone PM with some help.

@ashr said:
So i got access to ā€˜special featureā€™ no prob. I donā€™t see anyone mentioning what im thinking i could use (if i could hard reset the box without its filesystem reverting back to 0) but i am probably wrong. Iā€™ve only seen one mention of it in the hints, that the thing youā€™re supposed to use to escalate is related to the users home folder ? Not talking shortcuts. seems like those processes start at startup and modifying them wouldnt make a difference unless i could run them again with elevated rights which doesnt seem logical. should i fux those or walk away ?

Haha, got it. There was a nice tip in a prior post. Tx m8, i should read better.

any one can give me some hints please ?

Is anyone having trouble keeping a session up for more than 30 seconds?

stuck at S**i, would appreciate a nudge. :astonished:
EDIT1: got it
EDIT2: rooted. interesting privesc :lol:

I can use some help guys :slight_smile:
Can someone pm me ?

Rooted !! well that really was not the priv esc i initially assumed it to be ā€¦ but a fun box

someone can send me some clues ? im blocked, this is my second machine :expressionless:
no spoiler, i find one thing usefull ma i dont know how can i use it

Finally rooted!! That privesc concept was pretty cool, but i totally made it harder on myself with rabbit holes.

Wellā€¦ Im feeling kind a dumb, but im not able to manage where to start the injection I tried in all pagesā€¦ :scream:

Rooted finally. Special thanks to @sanre and @PercyJackson35!

@dplastico said:
Wellā€¦ Im feeling kind a dumb, but im not able to manage where to start the injection I tried in all pagesā€¦ :scream:

same :confused: Iā€™m using htb to learn so I donā€™t know a whole lot. s****p doesnā€™t work and any s**i returns 500. I feel really stuck. Can anyone give me a nudge?

Rooted, thanks to the creator. Fun box.

@eXz said:
Also stuck, any SQL injections keep returning 500 error. Not sure how to get initial foothold would appreciate any hints.

im on the same, maybe is something very odd but I tried all fields also tried the 2nd lvl atack but getting the same error 500

Finally box rooted, it was really cool. At the beginning I lost a lot of time in the first steps, but when I saw the obvious things, it was possible to continue the way.

Good luck to anyone and anything can send me PM

I solved that part but now i dunno what to do. the files keep changing even after a reset? is this intended behaviour?

I am seriously stuck on this :frowning: Mas***n doesnt work and nmap takes too long. I cannot find another open port. Please PM me
EDIT: does nmap take that long on everyone elses pc or is it just me?
EDIT 2: Got user!

got root! pm me for hints, I wonā€™t give you the solution!

Hey, Iā€™m able to execute individual commands, but Iā€™m stuck on getting a reverse shell that doesnā€™t immediately die. Could someone PM me with some hints to move forward?

Hey did anyone else experience problems when trying to connect to c$ with the right password? pls PM
EDIT: I was just being really stupid. Got root!