Chaos

Anyone available to checkover some code ? - don’t want to give away spoilers here

Got something to decrypt something , found something similar on google that, with a bit of alteration should do the job . Only issue is, its deleting the file or just outputting unreadable characters as apposed to what its supposed to do.

Dont really want to waste another day trying to figure why this is misbehaving.

Anyone perchance have a heads up on the direction I should be heading in since arriving at the p** creator site? Any help woud be fabs!

@CandiedPixel said:
Anyone perchance have a heads up on the direction I should be heading in since arriving at the p** creator site? Any help woud be fabs!

Hi there.

You need to determine what software the service running. Just use any web proxy tool, such as Burp Suite for this.

Once you determine what software is used, from there you can then search online for ways of exploiting that service (as others have already mentioned earlier in this thread :D).

Once you have exploited the service you should be able to get code execution/shell.

I hope that helps. Feel free to PM if you need any further help.

Rooted. Thanks @drywaterv2 for your encouragement to watch carefully the service.

To be honest, when I was somewhere in the middle of acquiring the user flag, I was quite frustrated. The reason is that I hate CTF-like boxes, and to be honest the whole user part was not really realistic. Plus, I hate brute-forcing stuff. Anyways, what I like a lot is the root part, that even though it’s easy for most people, is something different from what you usually see in this kind of boxes … and it was also pretty realistic as far as I am concerned. For this reason, I rep up this box. If you have any question, feel free to PM me, and I will try my best to answer you back ASAP.

. I’ve added the hostname and IP to the hosts file but still 404 errors.

NVM Overthinking it…

This machine is going to be the death of me, have never taken so long on a box, embarrassing. I can’t break out the rbash shell - ARGHHH

@UN1X00 said:
This machine is going to be the death of me, have never taken so long on a box, embarrassing. I can’t break out the rbash shell - ARGHHH

Same boat :confused:

@patvil said:

@UN1X00 said:
This machine is going to be the death of me, have never taken so long on a box, embarrassing. I can’t break out the rbash shell - ARGHHH

Same boat :confused:

I have sorted it now, PM if you need I have root.

I got to the “U wil fid noting hee” site. it creates p** files. At this point I am stuck. I found a aj**.p*p file and tried using zap but did not notice. any hints what I should do next would be welcomed! thx

I have got revers shell as ww*-***a, any hint for become user?

Edit: working on root

@th30ne said:
I got to the “U wil fid noting hee” site. it creates p** files. At this point I am stuck. I found a aj**.p*p file and tried using zap but did not notice. any hints what I should do next would be welcomed! thx

Use Burp for see what happens… aj**.p*p is not the way.

Alright, I am having trouble figuring out how to actually utilize LX within the PF CER ! I have Googled the snot out of the topic and there are very few walk throughs laying out the process. I have used BR and one code gave feedback but the D*ld url did not exist. Any help based on that knowledge would be amazing. Sorry to bother all.

Hi All, please can someone PM me. I am struggling to find the decryption file. I used WF*** and D*** and still no luck.

If anyone needs help with the decryption portion give me a ring :slight_smile:

Finally got this box. This is only my second box on HTB and there were definitely some quirks to getting it going. Once I figured those things out it went much smoother. Fun box.

If anyone needs some direction hit me up.

Finally rooted! Get root is trivial once you do the hardest part, the ‘echoes in my mind’ get me out xd
Gracias @samsepi0l por el apoyo! :wink:

I got to like this one as it progressed, though as a rule i don’t generally care for CTF challenges

New users may find this one fairly complex - as always enumerate and read this forum well, it has everything you need

Seasoned HTB users - Just don’t overthink, pretty much everything has been covered in other boxes

Initial step : if you believe your on the right path, and its refusing to work - try clearing your browser cache and try again

Next bit - i recommend cli over gui

Brush up on python (i had to !) or use what you find and search google for a similiar script

User - so blindingly obvious it will slap you in the face

Root - not complicated. just look for something out of place in the user folder

Thanks and respect given who nudged/proofread on a certain script step - you know who you are

rooted this machine if anyone need help feel free to pm :slight_smile:

Hi folks,

I’m stuck a little getting a shell. I’m using th w****18 option to spawn a php reverse shell but it drops immediately after the connection is established. Did anybody had the same issue?

EDIT: solved. The pe(a)rl of wisdom helped. Thanks for that!

Heres a pearl of wisdom - you can use other languages other than php