onetwoseven

well, im trying to upload a plugin but i cant find the right location, i think i tried everything, im aware of the “rules” and what problems i must overcome but i dont know how, any help?

I can get the “File uploaded successfull.y” message, but cant see the file. I’ve read the code and I think I understand it, could someone give me a nudge in the right direction please?

Any help with tunneling to a high port… it just times out… I have creds but cant figure it out. please pm me

I’m stuck. I have the SP credentials from the site, and I’m able to login and upload as I wish, but I can’t seem to run anything beyond the HTML page. I’ve tried all the options in the help menu, but none seem to make any difference on wither the site or SP.

I know theres an admin page at a higher port, and I’ll need to do some SSH tunneling to get to it. But When I try, it resets the connection. To me, it seems like there is a cred in S****P that I need to get first

What am I missing?

User grabbed! Thanks to those who reached out to help. On to root!

Definitely a difficult box - but rewarding and good practice of a load of techniques.

Not quite root yet, but got user - if anyone needs a nudge give me a shout on PM.

Type your comment> @PavelKCZ said:

One thing I would like to know. Is there someone with the OSCP certification ?

How hard or simple is this box compared to boxes which are used during OSCP certification ?

For the privilege escalation, I would say this box is harder/more intricate than anything I saw in OSCP/PWK.

For user, I would say it is similar level as the medium/difficult PWK machines.

I’m able to get a tunnel to the localhost port, however I keep getting 0 length responses no matter what a send (valid creds and everything). Anyone else run into this?

This has been one of my favorite boxes on HTB.

The stability, scenario, closeness to real life and “cleanness” of the box separates itself from many other boxes. No need to brute force, no unnecessary network traffic, no “guess the box” kind of vectors, everything clean and neat. It also teaches some very important skills.

Many thanks to the maker of the box (@jkr). I’m looking forward to see such beautifully crafted boxes from him again as soon as possible.

need hints for root…cant figure out a way to ‘serve’ the malicious file.

Hello fellow hackers! Will need some guidance on this box. Here are my actions so far:

Access SFTP
Upload a “malicious file” to get shell
Outputs complete/partial source code without execution
Checked the commands on the SFTP app can’t figure out what can be useful
Cheers!

I have a (what I think is) a successful ssh tunnel, but when I access the page on the high port it returns a blank page. Could someone please pm me?

Edit: figured it out, thanks dreamerscoffee!

Hey guys,

I am kinda stuck with getting the user flag, here’s what I have tried so far:

got the credentials to the SFTP and uploaded a PHP shell but no luck in executing it.

went through the help section of the SFTP command but couldn’t find anything useful in particular.

any nudge in the right direction would be appreciated.

Everything but one returns a blank page now that my tunnel is up… this seems rather… FOWL… .>:] any ideas?

@FNGCrysis I am getting a same blank page.

Any help from anybody is more than welcome.

i found the user.txt , but now i am stuck with root and i have no idea what to do next… any hint?

any hints about how to tunnel to high port ? thanks

Also stuck on root. Got shell as w**--**** and found the a-g thing. I am able to route the a-g thing through my machine. I have setup my own r***y, but how can I exploit without a good sign. There is a thing with a-g recently, but this one is updated already. Any hints? What are good docs to move forward?

done tunneling reached kin***m panel … stuck with creds . any help would be great

EDIT: got user flag

@whysohard said:
any hints about how to tunnel to high port ? thanks

https://www.jollyfrogs.com/jollyfrogs-pedantic-guide-to-pivoting-part-1-ssh-local-port-forwarding/

Spoiler Removed