Ghoul

still stuck!!

please help me i am a Eto user in ssh but i dont know how do i get user.txt
i know about docker,
is there anyone how can help me?

Could you give me hint for root.
I found exploit, but can’t use it

Would anyone be willing to PM me a hint to get into the file upload page. I’ve enumerated everything I can think of. Tried cewl to generate a wordlist and pushed that at it. Is it just a guessing game?

edit - Never mind. someone must have changed the password :frowning:

Could you give me hint for root.
I found exploit, but can’t use it> @whipped said:

Would anyone be willing to PM me a hint to get into the file upload page. I’ve enumerated everything I can think of. Tried cewl to generate a wordlist and pushed that at it. Is it just a guessing game?

edit - Never mind. someone must have changed the password :frowning:

Yip, unfortunately sometimes somebody do it

I am having some issue with the zip, I know what I have to do but I failed every time. Someone can give me a hint?

Holy ■■■■, what a journey! Path to root flag was so ■■■■ long. Hahaha.

Thanks @MinatoTW and @egre55 for a great but holy-■■■■-painful box.

Tips for user:
If you can’t see a path, make one.

Tips for root:
Pivot pivot pivot and ENUMERATE. Like ■■■■, there are so many hints and breadcrumbs all around but they’re spreeaaad ooout. For the very final step, you’re going to have to do a pretty oldschool exploit. :slight_smile:

I stuck with cookies, could you give hint PM?

hello sir,
machine-ghoul
i have user.txt. i am looking for root. i get to know that i have to upload a static nmap into ssh server. but i am having trouble in that , i dont know how but nmap is a dir and whenever i try to use scp to upload it. it uploads as a dir. but i saw in ippsec vaut video that he gives the dir a executable permission.
please tell me commands that i must use. please!!

Can someone give me a hint on how to find the passphrase for the ssh key lol. I’ve been stuck at this for ages.

I spent almost 3 days in total to solve this machine, but I’m happy that I have learnt some new things.

Thank you for creating this painful machine @MinatoTW and @egre55 - please make moar of these machines.

For root flag, some basic but useful advice that you may be bored of hearing;

  • monitor processes and file system changes on the machines you get shell
  • enumerate files as much as you can

Good luck.

Thanks guys , glad you liked that challenge.

Type your comment> @MinatoTW said
Thanks guys , glad you liked that challenge.

thanks to you sir, because of you, we learn new things
LOVE FROM INDIA

I have mixed feelings about this machine. I’m still not sure why this box is only 40 points LOL. It is probably the first time for me to see 4 con******* in 1 server in HTB so it should’ve been 50 points really. Just so that everyone here is on the line, this box is rated 6.4 as of now due to the fact that there are about 76.3% more people with user flags and without root flags as of now. Otherwise, I truly believe it would be at least in the 8.

The user was FUN despite the minor trolls, I won’t deny that. I won’t say the same about the root though.

“You’ve done well to come upto here human. But what you seek doesn’t lie here. The journey isn’t over yet…”

This is the moment when I wanted to break things apart.

The root was unrealistic in the files part, which I hated so much btw. Then comes the 30 seconds interval. Seriously?

The balance between the user flag and root flag is very bad in my opinion. So, I’m sorry but I’ll dislike this machine.

And I finally rooted…
Great job: @MinatoTW and @egre55 . I really liked the last step…

Please don’t make boxes like this in the future. You had some nice ideas, but you ruined all of it by making the like half of the box guessing passwords. Definitely the worst box I’ve done so far.

Type your comment> @Ryan412 said:

I have mixed feelings about this machine. I’m still not sure why this box is only 40 points LOL. It is probably the first time for me to see 4 con******* in 1 server in HTB so it should’ve been 50 points really. Just so that everyone here is on the line, this box is rated 6.4 as of now due to the fact that there are about 76.3% more people with user flags and without root flags as of now. Otherwise, I truly believe it would be at least in the 8.

The user was FUN despite the minor trolls, I won’t deny that. I won’t say the same about the root though.

“You’ve done well to come upto here human. But what you seek doesn’t lie here. The journey isn’t over yet…”

This is the moment when I wanted to break things apart.

The root was unrealistic in the files part, which I hated so much btw. Then comes the 30 seconds interval. Seriously?

The balance between the user flag and root flag is very bad in my opinion. So, I’m sorry but I’ll dislike this machine.

Thanks for the feedback, there were some unintentional trolls due to my mistake and I apologise for that. And I agree the root part got stretched a bit, noted it down for the future. The files part is pretty much realistic if I understand what you’re pointing towards. And the 30 second interval is to ensure the connection isn’t killed / dies in between. It’s not easy to simulate user interaction with so many people on the box, we had to make some adjustments to ensure everything works out of the box.

edit:nvm

Thanks @MinatoTW and @egre55 for the big box!!

Do I need to brute-force the login(Members-Area)
I tried all default creds( didn’t worked)