Saw what the privesc was in the time it took to type “that” command after landing on the box and have spent longer than I want to admit trying to get a tty but I’m blocked by a password request. Brains just turned to candyfloss at this point.
I went down this hole too. You don’t need tty buddy, just keep looking at that command and where you can run it
USER: I didn’t used the tunnel thing. It was easier with another exploit IMHO, only need a little modification to point to the correct site
After that there are a lot of documentacion, I saw a video but the file in the comments broke the server, don’t use that, try to download the same file from another part but use the contents of the video to achieve the reverse shell.
too many things are present which obviously out of place… F**_S** ex** was there already and for admin you just type in those (f** f**) you found. Rooted and then had to figure out how expliot and M*** C*** worked. Root is sooooo easy that you don’t even need any tools, just check you permissions and go for it.
USER: I didn’t used the tunnel thing. It was easier with another exploit IMHO, only need a little modification to point to the correct site
After that there are a lot of documentacion, I saw a video but the file in the comments broke the server, don’t use that, try to download the same file from another part but use the contents of the video to achieve the reverse shell.
ROOT: With a common enumeration you can get it.
This file corrupts the server because of the first option checked. If you uncheck that, it’ll be ok.
too many things are present which obviously out of place… F**_S** ex** was there already and for admin you just type in those (f** f**) you found. Rooted and then had to figure out how expliot and M*** C*** worked. Root is sooooo easy that you don’t even need any tools, just check you permissions and go for it.
Creds on the downloader dashboard doesn’t work anymore? Did something happen?
They don’t because you should know how to get them using exploit.
‘did not work’ literally means ‘did not work’ and someone just used it leaving the creds for others
WOW JUST ROOTED AFTER 18 HOURS. Was stuck on priv escalation for the majority of the time. Shutout @lemarkus for the help!
So much frustration over a " "…
Also bought a shirt from the shop! all the stickers were sold out!
I’m really stuck on RCE and could use a nudge. I know I don’t really need a tty, i’ve tried all that i know how to try and googled constantly but i am still new to this. PM me please
Got root! Really nice box!
However, I think I didn’t use the intended way for user. If someone with a good understanding of user would like to pm me to discuss it, that would be awesome.
Root was pretty straightforward, pm me if you need help.
This box was a nice way to ease myself back into HTB.
Initial foothold - nice and simple, if you remember it is a very old version of the CMS.
Rooting took about half an hour longer than it should have because I didn’t pay attention to the exact wording as I enumerated. Once you have that, it is seconds.
Finally rooted, the machine was very easy, but due to the instability and all the users that cause the 503 it was frustrating on the free server. Tips:
User - I’ts all about google around exploits, don’t stop only on exploitdb, look on youtube, on blogs, there is a lot of material online. (A little tip, if you have problems with the common rev shell, use meterpreter)
Root: it took me 5 seconds, just do the most common things you do after logging into a machine, no script is ever needed