FluJab

Type your comment> @3mrgnc3 said:

https://www.youtube.com/watch?v=ffV-Nk6tPBk

hahahaha ■■■■ im out of the band and i have a flu and i need an injection… Nice hint there @3mrgnc3 :slight_smile:

After so many hours I finally made it! I like the box but I’m glad I don’t have to touch it ever again :slight_smile:

@RootRipper said:

Type your comment> @3mrgnc3 said:

https://www.youtube.com/watch?v=ffV-Nk6tPBk

hahahaha ■■■■ im out of the band and i have a flu and i need an injection… Nice hint there @3mrgnc3 :slight_smile:

Nice to see someone got the clue instead of amusing I was trolling.
:wink: :+1:

Type your comment> @3mrgnc3 said:

@RootRipper said:

Type your comment> @3mrgnc3 said:

https://www.youtube.com/watch?v=ffV-Nk6tPBk

hahahaha ■■■■ im out of the band and i have a flu and i need an injection… Nice hint there @3mrgnc3 :slight_smile:

Nice to see someone got the clue instead of amusing I was trolling.
:wink: :+1:

I think my knowledge of sp_cof*g is the one trolling me instead. I cant seem to figure out how to get creds from the jab that needs freeing. If anyone can be kind enough and help me before i troll myself to death with false ideas. :frowning:

Hi guys!!

This box is amazing, and full of lessons.
I’m stuck for the moment, with I hope the last challenge before getting user real shell.
I can add mysefl and partially connect to a service. But even with all i find regarding this service in home/service-config, i can’t figure it out.
Any hint or tips are really welcome in PM, please.
Thanks

I keep getting redirects when trying to access https://sys******--1..:8*8, on FF and Curl. I deleted cache & cookies from FF to no avail but curl returns the same redirects so it must not be that. Not sure how to proceed.

Nevermind, found it.

hey all, I would appreciate some direction when it comes to escaping… I can’t seem to figure out how to do it. I’ve exhausted all the methods that I’ve found online. Any help would be appreciated.

i could make the nurse talk and see the responses TIG*R SC**T etc. is this rabbit holes ?, if not, anyone can help to give the direction from here would be appreciated.
thanks

Type your comment> @kecebong said:

i could make the nurse talk and see the responses TIG*R SC**T etc. is this rabbit holes ?, if not, anyone can help to give the direction from here would be appreciated.
thanks

edit:
got root, thank you @Xentropy and @limbernie for your help! ?
Thanks @3mrgnc3 for all the effort you put on this box!

Type your comment> @Amen0 said:

Hi guys!!

This box is amazing, and full of lessons.
I’m stuck for the moment, with I hope the last challenge before getting user real shell.
I can add mysefl and partially connect to a service. But even with all i find regarding this service in home/service-config, i can’t figure it out.
Any hint or tips are really welcome in PM, please.
Thanks

same boat. any hint please.

EDIT: Rooted. Interesting and difficult box. Thanks for little help mates.

edit - After getting what I needed from the nurse I’m messing with the aj**i login. Pretty confused to say the least. I’m guessing this is where it’s been suggested to use firefox? Doesn’t seem as wonky, annnnd I’m stuck again.

Type your comment> @Amen0 said:

Hi guys!!

This box is amazing, and full of lessons.
I’m stuck for the moment, with I hope the last challenge before getting user real shell.
I can add mysefl and partially connect to a service. But even with all i find regarding this service in home/service-config, i can’t figure it out.
Any hint or tips are really welcome in PM, please.
Thanks

I’m also stuck at that place. Could anyone pm me a hint, please?

Rooted, but now that I read this topic in full I have to comment.

This is a really great box. Closest to a real pentest assignment for me so far (and I’ve done some of those). The fact that there is potentially lots of information, many routes, “rabbit holes”, annoying proxies - that’s all too real. Fortunately, even ignoring the “scope” it shouldn’t be too long before you arrive at the promising interfaces if you do things efficiently and have the ability to prioritize (what some people may be lacking?). In real life ready-made tools often fail on you, so you have to get your hands dirty. And you may have to investigate thoroughly once something promising is spotted. The box was dropping some requests from me, as would often happen, but more interestingly I even managed to completely lock myself out a couple of times. That again made it only more real then the rest. Understanding what you are doing and how it influences the rest of the system helps. The root part was nice too.

As of clowns n ■■■■, I personally found that hillarious :honk::honk: Nice themes and cool content.

We need more boxes like this one.

Is the super leet thing a rabbit hole?

Hey @psie
Really glad you enjoyed it.
I always appreciate all the well reasoned and articulated feedback people take the time to post. (Both good and bad)
I’m gonna try getting around to making another similar box sometime soon.

Cheers buddy,
??

hey guys! i’m very new to this and thought i’d see what a challenege felt like. Talk about getting rekt… but anyways, would love to pick your brains about how to deal with this clown after the first custom 404. also my burp isn’t picking the page up but i’m sure its because of something i’m not doing. anyone mind giving a noob like me a hand? sorry if i’m annoying or anything

Spoiler Removed

Type your comment

While I’m at it. Everybody seems to have an opinion on this box (most opinionated thread I’ve ever read on HTB, IMHO) so here’s mine. I find the inability to run tools annoying. All it does is make the process of pentesting take longer. I assume most people that run tools/scripts/automated scanners/etc know whats going on, & can usually figure out what’s going on with “verbose” output settings. BUT, if the box creator sez “N0 T00LZ!” so be it, I can respect that. I did not appreciate the TR-909 kick drum alarm/klaxon (or whatever sound it is) with the clown, because my speakers were turned up LOUD from music playback. My poor speakers crackled :anguished: not cool Emergence. I do feel antagonized, as an HTB player, throughout the box. I’m a sensitive person, & I’m anti-bullying. I do not get a feeling of “that’s it! I’m gonna pwn this box now!” more like “That’s not nice.” I’m not a competitive person, I believe in playing fair, good sportsmanship, & encouragement. The Cow comments seems to be rabbit holes more than clues (is there really a Scott user with password Tiger? I highly doubt it.) & the PHP shell is misleading. I wasn’t fooled, but I’ve got much experience. The fake shell is not something your gonna find in a real pentest (unless it’s a honey pot). The clown, SSL, proxy stuff, fake sites, no big deal, I can see why the box author thought they were being phunny. Also, mean jokes are not cool. Maybe I’m being too politically correct, but I get a feeling of classism on the “Going below the Poverty Line” commented code. Being economically challenged is not funny, & joking about it is not cute.Just saying. So yeah, next time, avoid the multimedia sounds (unless they’re at a sensible volume) or I’ll sue you for new speakers! (maybe :wink: ), & please, no more/extra rabbit holes/fake leads than there needs to be (there’s already a box called “Rabbit” if you want those), these boxes already take forever on their own. I respect all the box makers for their contributions, & I’m pretty sure I’ve never given a bad review (thumbs down) because of that fact. So THANK YOU Emrgnce, & all box makers. Also, don’t be a condescending ■■■■ about being a pro paid hacker. I’ve been hacking for 30yrs, worn more “hats” than anybody, & left ■■■■ talking back in the 1990s where it belongs. All that talking trash does is make people look prejudiced, jealous, ignorant, etc. I believe trash talking kept a lot of females out of phun activities like skateboarding, guitar playing, computer programming, video games, & if we want girls involved in cool activities (I hope we all do!) then leave the macho BS alone. We’re all in this together, for knowledge.

somebody that help me with find to nurse? I enumerated every dns but I don’t get nothing