Vault

Edited

I was stumped as to where this so called log file was - then i found out some idiot had deleted it.

To the person who deleted said log - I hope you sit on a large cactus !

@ZaphodBB said:

Edited

Im stumped as to where this so called Log …

To the person who deleted said log - I hope you sit on a large cactus !

??
You can just reset the box. Logfiles are on every Linux in a specific directory.

Anyway, the box had a very well thought out design kudos to the maker.
Content we all wish to keep seeing here on HTB. Once again, bravo !

User hint : “We need to go deeper”, you really need to, keep enumerating interfaces.
Then it’s all normal linux stuff, it is one of those boxes that you need to keep notes where you at and where do you need to go.

Root hint : well things here are a bit tougher once you find what you need to look for, you will see something that maybe most of you haven’t done before. Take a step back think how he manages to login and with all that port forwarding/tunneling stuff that you used to get there… well you will figure it out.
As for the file , google is all you need

Oh I’m quite aware it can be reset , as am i aware of where logs are stored - shouldn’t have to keep resetting the box though due to some idiot.

Either way, deleting files that are relevant to the box is a really shitty thing to do

Well fortunately never happened to me, i feel you ahah.

Rooted Successfully Thanks@dmaendlen for the hint.

Wow! Just wanted to say thanks to the creator as I learnt sooooooo many new things. Although, I’m not sad it’s finally all over and rooted :wink: My brain hurts!!! Haha! I wasted far too long with the web directory enumeration at the very beginning, kicking myself as it’s not the first time.

So, my hint to others is to keep track of the exact directories searched at, wordlists used, file extensions looked for, etc. That way you can ensure that you’ve covered everything and can work through the site progressively rather than trying the same thing over and over just hoping for a different result… :slight_smile:

@nol0gz
Great box, the best from HTB boxes so far ! It was not very tough for me, I had the huge fun doing it, recalled some things and learned a couple of new. Thanks !! :slight_smile:

got root, learned a lot. PM me if you need help!

Its a box, in a box, in another box. How many new technicist did ii learn? About 4 or 5 new thing. It was tough for me, especially n**t. Taking off my hat in front of @tabacci and @cyb3reagle for help.

Edit: thanks @ZaphodBB for the nudge!

Rooted
user part is easy … i found two ways to get shell… i think it might be more
root part requires more effort to grab flag.

I’m totally stuck at the o**n RCE. Tried to execute bash revshell commands but no luck. Also the V*C port is just giving me black screens… Any hint on how I could get unstuck on this?

Nevermind… Got that part, on to vault now.

Rooted. Great box, so angry at myself to have missed so much information. I lost myself in the maze so many times without noticing.
User was a pain, root was super easy.

Did anyone got a root shell on V****? I wonder if there is a privesc or something?
If anyone got a root shell I would be glad to know how you can access it.

Got Root!!!
Amazing machine…
Must recommended for those who want to do some network pivoting and tunneling stuff.
Also thanks to @cyb3reagle for helping me in .ov***n part.

Type your comment> @dmaendlen said:

@humurabbi said:
Can anyone point me in right direction?
got first user d***. Found the webserver running on D** . But have no idea where to get .o**n file

write your own

This is a good one -:slight_smile:

Removed

Nice host, it was fun.
The only what I’m wondering about the purpose of restricted shell by the end.

Type your comment> @janewilde said:

It’s never too early to start discussing a new box!
Still enumerating, only found one 403 page :slight_smile:

did you get it ?

rooted: Finally came home… thank you all that helped me… you know who you are