Just owned Help! I would agree with what is said here, ‘user’ was more complex than ‘root’. I’ve gone down a few rabbit holes here there, but yeah, this box is simpler than I originally thought.
Great box by @cymtrick ! Much to learn! And thanks for all the hints provided by earlier users! You guys are awesome! This is officially my 2nd active box immediately after Netmon! Being a newbie wanting to pursue offsec, HTB (and its community of users) is an awesome tool for learning!
Here are some of general tips I can think of:
- Enumeration is key. Not just enumeration from outside, but from within as well (once you’re in, that is). Gather as much info about the box using tools you have at your disposal. Clues will help guide/lead you to the next possible step.
- I haven’t tried not doing the “time travel” thing. So I can’t refute if it works without such changes. Maybe I’ll try that later?
- I didn’t use the “high road” since I’m not a developer and have no experience dabbling in that service. My background is network & infra, so instead, I took the path where the usual traffic is
- As said by other folks, the source code I found when I was searching for the vuln helped me understand what the application does to that which you send over. So yeah, to be a bit explicit, don’t believe what the error tells you.
- Once you gain foothold, user will just be around the corner. Then, gather info about that host you just got in to (i.e. enumeration, as with #1). Then, refer to some earlier tips/URLs mentioned here about attaining more breadth and depth.
Got a bit delayed since I had to repeat 2x since the box was reset earlier after I first got user.
Hope I didn’t give too much away. Apologies if I got carried away. Hit me up if you need some nudge.
Cheers!