Obtained the root flag finally. Thanks to @iphkvm for the help!
I have also rooted Irked, what box if recommended next for a beginner?
Obtained the root flag finally. Thanks to @iphkvm for the help!
I have also rooted Irked, what box if recommended next for a beginner?
I got user but I’m stuck on root. I see that the key it’s either c*** or w**** but nothing I try works. Can I get a hint from anyone?
Hi guys, can someone hint me?
I found the pb file but i’m stuck deciphering, someone can PM me ?
I got User. Thank you Marvin for you hint !
Hey guys,
Trying to solve my first machine here. Managed o get a shell as www-data. Found three files user.txt, a***-a***, p*******_b*****. No clue how to move ahead from here. cant read user.txt. Could someone help or give and hint on how work on p*******_b*****.
P.S : newbie here.
Thanks.
@WickSec said:
I got user but I’m stuck on root. I see that the key it’s either c*** or w**** but nothing I try works. Can I get a hint from anyone?
try looking at the enumeration result carefully …
anything out of the ordinary …check it out
Also there is a reason why the box is named CURLing
Hi guys, so this is my second box in HTB. I’ve got user, and i see two files in the a****-area, but i am not sure how to check which program is updating them, can anyone give me a hint please? Thanks!
Edit: got root txt, thanks everyone for the hint!
Read the comment above yours
got root.txt ,
but stilll dont know how to get root shell, please PM me if someone get root shell already.
EDITED: now got the root shell, thank you.
feel free to PM me if need a hand
Tried scanning with joomscan, joomlavs, nmap… browsed directories as a result of joomscan… got the username too on blog i.e. F***** ,saw s*****.*** on the page source at the bottom of page. tried many combinations of usernames and password but unable to access. first time trying on joomla… also people commenting overthewire level 12, i have completed it upto level 20 or something so that would be easy then. please help , message me.
Hey all, I have a reverse shell as w**-d***. I see the p*******_b***** file. I ran “file” on it, looked up the magic bytes. File says it is a**i, and the magic bytes says b2. I’m stuck at figuring this file out. Can someone PM me with a hint or point me in the right direction? Thanks!
@nadia said:
@RagsFTW try to fix the file with its extension b**2 by using xxd with the right option
Got it! Thanks! On to root…
Hello. Please help on on curl options. I’ve got user fl___s creds, ssh’d to the machine, enumerated the a****-*a and found how the two files are being constantly edited, but I’m not sure how to get cl to work the way I want it to. Please DM me. Thanks
Yezus, stop overwriting the index.php with upload … rly just create some another page…
root
already got the user.txt but still don’t know how to priv esc. a bit lost with the a—n-a–a, the two files there and the whole curling. PM with hints on priv esc are appreciated.
i am noob trying hard since 24 hour lol get user but now stuck in root but i will get it thanks for hints guys this machine explode my brain
Just want to thanks htb and maker of this machine i learn lot from this machine
Got root
I get the root
So to help others solve this challenge i will give you some hints:
PM me if you need more details.
Well, that was some run ^^ r00t3d ^^
If anyone wants some help go on PM me but I’m not giving 100% that I will help you since there are many ways to get this machine done just went the “just go by the flow” and it aimed me into beating this one
The first is website look into the “StarWars - May SOURCE be with ya” usr is on the main page just look for “Minecraft SIG Nature”
Second is to msfexploit the website look into administration and what can you do with it “again SOURCE MAY BE WITH YA” but just don’t do it on main page (no idea how? PM me)
got meterpreter? good for ya getting USER is same as every machine here
ROOT: well look for interesting files in pwd try to change them a little and come back later just go for coffee look at them again are they same? no ? good for ya found it now who changes them? exploit it! got root.txt flag ? GOOD JOB
Was fun for the third machine now onto a little bit harder G00D L: :CK!
read article on c***, tried c*** commands on the a-a dir for more info… the html code retrieved is of shell scripts, people are repeatedly uploding ss on i****.p. checked process wit h, ps commands…got only --c****-a with c***** writen on it’s right. pls help, don’t know what to do next