Curling

Finally I got User, PM for hints.

And can someone hint me about root? I’m on the A****-***A but I don’t see what to do!

@yunaranyancat Got root flag… What about root shell?

Think I might be retarded. This is my second machine. I can not gain access to find user.txt

I have enumerated directories and looked at the source. I spotted a s*****.*** at the bottom of the HTML source. Found potential credentials, which don’t work for SSH or for Admin Authentication.

Any pointers on recon? I’ve been looking at this for hours and am wondering if I am simply dumb :slight_smile:

Hints would be appreciated! I will continue to read through these posts and look at the source in the meantime.

EDIT: WOW I feel dumb… note to self, stop overcomplicating things…

EDIT2: did anyone else find that user.txt was empty? I managed to up**** a s**** to the server and am browsing the file system, but the flag is empty for me.

Got a couple of pointers here, but all in all it was a fun box. As others have said, getting root access is right in front of you if you have user.

Just rooted this machine, ’twas fun; if anyone needs any hints, let me know.

I feel like slapping myself right now. Been trying to upload in quite a few different ways, when all that was needed was right there already. On to user now!

Edit: got user!

Just cannot believe how I made this difficult for myself, definitely DO NOT overthink it.

USER: was pretty straightforward; you do not need a reverse shell to get what you need. Once you get that file, work your MAGIC to solve it.

Root: Like others, I spent hours on this when it could have taken me 2 mins to solve it. Look for files close by, see what is happening. See the relationship between files.

Again, do not overthink it and do yourself a favour: read the manual for that famous command!

Really enjoyed this box.

If you need some help feel free to DM me.

Working on root now, but I felt I should say this for the people who have to do a full 8+ hours at work and whose brain is a little exhausted when they get home and jump on HTB.

INTFH: Pay attention to everything; think like a circa 2007 middle school student taking his first CS class and having to build a webpage. What mistakes do people generally make as beginners when they have a hard time remembering things?

User: The language that’s used in this service is notorious for having RCE exploits, so just dig around a little bit. If you can’t figure out how to get the exploit working, there’s a YouTube video that a well-crafted Google search would make the first video you see. You don’t need to pop a shell if you don’t want to; File Inclusion worked just fine for me.
EDIT**: it’s worth mentioning that you don’t NEED ANY OUTSIDE TOOLS up to ^^^ this point. Everything can be done without downloading anything new, that goes for that FILE :wink: as well. Like someone earlier said, OTW is your friend.

Root: Well that was fast. For the record, please delete the flags once you get them lol, and if you can’t then reset the box XD The method is right in front of you; IF you think you have an idea of what’s going on, make a non-malicious change and see if it works.

Rooted. Anyone need hints? PM me.

Finally rooted. PM for hints!

Rooted!!! I struggled after user.txt. Felt pretty silly once I figured it out. PM me if you need any hints

I’m banging my head against the wall here.
I’ve logged into the admin panel, but all my attempts to upload a reverse shell failed, as Joomla always sanitises everything even if I change the plugin options etc. Wondering if anyone could push me in the right direction.

I have got the s*****.t**. Is SSH into Fl**** possible?

@JCisme said:
I have got the s*****.t**. Is SSH into Fl**** possible?

Try and you’ll find out. If using the file you found to SSH doesn’t work, try to use it in another way.

OK, onto root now. Thanks guys for the tips!

Stop defacing the index!!! WTF

@nonamesfor said:
Stop defacing the index!!! WTF

but that’s half the fun! :tongue:

Finally rooted that one. Root.txt was quite simple, but root shell was a bit more elaborate because I didn’t know such methods. Learned quite a few things. Thanks @L4mpje for this box, it was quite fun! :slight_smile:
If anyone needs a few hints, send a PM!

Got User and Root.txt. Can anyone PM me hints for root shell? If you’re gonna PM me for hints, please include what you tried and what didn’t work and we can go from there. Literally had one person PM me saying “can I know what the solution is and I’ll learn from the solution”. SMH

UPDATE:

Thanks @devilswolf @jkr @L4mpje and everyone on this thread for your help! It’s only easy once you know how :smiley:

Alright, I have to ask. Either someone is trolling me (I see you in there =P) or I am overlooking something right in front of me. So far, I’ve gotten this:

  • I have the user.txt and a low-priv user shell both through a reverse shell and through SSH, so I can run commands as two users.
  • I can see the files in the a****-**** and see the events and the output.
  • I can use those events to make other things happen by editing things, but that may screw things up for other people here, so I have not used this avenue.

What am I missing here? I cannot for the life of me find the source of the changes reflected in the a****-****.

Any hints or nudges in PM would be welcome.