Player

@3sP3rTAlHaO said:
Hi all First, I would like thanks for @MrR3boot , @12thRockyou and @johnnyz187 for help.
After 3 days “not focusing” I got owned
Great box @MrR3boot

@dr0ctag0n said:
Thanks @MrR3boot , this was an awesome box with plenty of new and interesting attack vectors.

I particularly liked how straight-forward it was in regards to needing a specific thing to unlock access to the next and so forth. It didn’t get too much into the weeds, although the initial step was pretty hard to get without hints…the ones on the site weren’t quite specific enough.

It’s all just a learning experience though, so I guess mission accomplished. :smiley:

@dr0ctag0n @3sP3rTAlHaO Thanks for the feedback. Hope you loved it <3

Learned important lessons from this machine:

  1. Always try harder, and don’t give up
  2. Never overlook the information gathering phase

I can’t imagine if this was a real penetration testing engagement. I’d have failed my client miserably.

Good machine @MrR3boot :+1:

Type your comment> @limbernie said:

Learned important lessons from this machine:

  1. Always try harder, and don’t give up
  2. Never overlook the information gathering phase

I can’t imagine if this was a real penetration testing engagement. I’d have failed my client miserably.

Good machine @MrR3boot :+1:

Well said @limbernie. We should never overlook even if it’s a minute error message. Every error tells something to us. Bits never lie :wink:

Great machine, it took me a week and some help here and there.
Not sure if there is still a sort of unintended for root.
I was able to do it in both ways in the end, although I recognize I still have a knowledge gap to fill.
Thank you MrR3boot!

Welcome @halfluke

Spoiler Removed

Finally done !

Awesome box, very realistic, that’s a 100% why I’m on HTB.
Thank you again @MrR3boot , can’t wait to see Player 2 !

PM me if you need some hints :slight_smile:

Type your comment> @beorn said:

Finally done !

Awesome box, very realistic, that’s a 100% why I’m on HTB.
Thank you again @MrR3boot , can’t wait to see Player 2 !

PM me if you need some hints :slight_smile:

:wink:

Got user, and found the foothold for root. I know what I need to do now. This box is phenomenal @MrR3boot, nice work.

Type your comment> @farbs said:

Got user, and found the foothold for root. I know what I need to do now. This box is phenomenal @MrR3boot, nice work.

Thanks mate.

finally rooted!!
really nice box.

Rooted :slight_smile:

What a machine!! Congras @MrR3boot I enjoyed it in every step. One of the best machines in HTB.

  • User: Pay attention of all enumeration process, there are full of hints. After that, you have to think or search how files could have been processed (that is the very tricky part in my opinion). Road to user was amazing and some steps fascinating haha I enjoyed a lot!.

  • Root: Do common enumeration, you will see root doing some stuff, then try how to take advantage of that.

Anyways, PM for help.

Thank to @dr0ctag0n and @beorn to put my in the correct direction :tongue:

Just Rooted! O well that was super hard, at least for me!
Big thanks to @7sk and @beorn for their amazing help!

Special thanks to @MrR3boot for this amazing box that teached me a lot of new things :wink:

@Leonishan said:
Rooted :slight_smile:

What a machine!! Congras @MrR3boot I enjoyed it in every step. One of the best machines in HTB.

  • User: Pay attention of all enumeration process, there are full of hints. After that, you have to think or search how files could have been processed (that is the very tricky part in my opinion). Road to user was amazing and some steps fascinating haha I enjoyed a lot!.

  • Root: Do common enumeration, you will see root doing some stuff, then try how to take advantage of that.

Anyways, PM for help.

Thank to @dr0ctag0n and @beorn to put my in the correct direction :tongue:

@DaChef said:
Just Rooted! O well that was super hard, at least for me!
Big thanks to @7sk and @beorn for their amazing help!

Special thanks to @MrR3boot for this amazing box that teached me a lot of new things :wink:

Thanks for the feedback @Leonishan and @DaChef

Nice box, good job @MrR3boot

Cool box, really enjoyed it!

Got a hint that might get me somewhere, thank you, I’ll try tonight!

Found a hash value on somewhere. Probably SHA-1. But I can’t crack it. Any idea?

Using some interesting vulnerability I found credentials for a user to login to some service but that stuff is restricted beyond anything. Searching for ways to escape I found nothing that worked, even looking at the config didn’t offer anything there. Again using the vuln I found out that I can forward things and get a login to some other service but I can’t seem to get that to do code execution for me even though I am a super user on that service.

Any useful directions where to poke it with a stick?

I really enjoyed this box, user was really really cool. sup3r h4x0r. root was cool too. Really like it, cheers to the creator