I’ve got the User, I’ve no idea what creds people are guessing for the web login though and I’ve spent a couple of hours exploring via FTP but failed to find any creds written down anywhere, even with the more thorough approach to listing contents. Can somebody PM me a nudge please? Thank you!
Cheers for the hints - I had the right details, just needed to kick the box to get them working I know what I’ve got to do for the next step, give me a week and I might actually work out how to do it too! :-/
I’ve got the User, I’ve no idea what creds people are guessing for the web login though and I’ve spent a couple of hours exploring via FTP but failed to find any creds written down anywhere, even with the more thorough approach to listing contents. Can somebody PM me a nudge please? Thank you!
Cheers for the hints - I had the right details, just needed to kick the box to get them working I know what I’ve got to do for the next step, give me a week and I might actually work out how to do it too! :-/
Similar sitiation as @19Rich. I have explored all conf file, unsucessfulls web login to get root access.
I just have to post something. OK. I kinda get why PPL are resetting PWD or reverting box. Can I just say think about it before you revert, yes if you did the most obvious way to get flag it’s probably the best/only option. but for all those resetting the password you are idiots, yes I mean that! read the htb rules for machine submission, if this was something needed to get root then box wouldn’t be alllowed!!
I asked for help a few times on this box, didn’t need it. It was all down to PPL resetting PWD or reverting box. so to help (as I like to): initial foothold is mega simple (no help there), that’ll get you user flag. next step keep enumerating, what application did you find, what version is it, are there any known vulnerabilities??? (yes there are!!). read the stuff you find about exploits, could there be anything you can do different to what you see online? another option maybe? play around.
Finally: DO NOT RESET PWD. if you see an error, what other things can you try?
DO NOT REVERT/RESET BOX unless you have to!!!
OK maybe I feel a little bad after those posts: Where else would you expect a NOOB to start other than a 20 point box! but you would also hope that those NOOBS would look at forum like I do when I am stuck, so if you are such a NOOB or a complete idiot experienced person changing PWD (lol) please read the comments!!
PLS PPL, read all previous comments before posting! : this box is IMHO 25 pointer(yep 5 extra!!): use what you get for initial ENUM, keep going, read up on possible VULNS. play around with those!!
Super noob to HTB and system hacking in general. I’m trying to pwn user via FTP but I’m stuck so need a little direction. How should I be thinking to get the user? I have been stupidly trying out default creds. Would really appreciate some help.
Super noob to HTB and system hacking in general. I’m trying to pwn user via FTP but I’m stuck so need a little direction. How should I be thinking to get the user? I have been stupidly trying out default creds. Would really appreciate some help.
Can anyone confirm if there is a way to proceed to root without logging in to the web login? I am pretty sure I have the correct username and password as it seems to start to login (showing percentages and other items) but then drops out. This is different than when I use the incorrect username and password. Even after someone else reset and I jumped on it as soon as it was up, I was not able to fully complete the web login.
Super noob to HTB and system hacking in general. I’m trying to pwn user via FTP but I’m stuck so need a little direction. How should I be thinking to get the user? I have been stupidly trying out default creds. Would really appreciate some help.
We use this application. I now know a good amount about the vulnerabilities. Granted we are very diligent about keeping things upgraded, this box has helped me better secure our environment. Big thanks to the creator.