onetwoseven

What a box.
As others say it’s probably the most interesting box I’ve seen (although I’m a n00b)

Thanks a lot @jkr
I can’t even begin to imagine how difficult it is to plan such a box

Thanks again

I’ve played with the zelda thing. I took a peek at the /home directory using a web browser. Then I tried zelda again on other places and got presented with “Failure”. I tried my working syntax that enabled me to peek, but it also turned out to be “Failure”. Can anyone help me please?

Hello,

I am still blocked at the upload part. I was having issues with the “Unknown Plugin Type”, but now I am sending requests and just getting 200 OK with no messages at all.

I reviewed the script, but am not able to properly execute it. I know there is a mention about the h*****s rules but don’t get how to play with them.

Could someone please help me to clarify what I am not seeing to properly upload my file?

PP

@pp123 said:

> Hello,
>
> I am still blocked at the upload part. I was having issues with the “Unknown Plugin Type”, but now I am sending requests and just getting 200 OK with no messages at all.
>
> I reviewed the script, but am not able to properly execute it. I know there is a mention about the h*****s rules but don’t get how to play with them.
>
> Could someone please help me to clarify what I am not seeing to properly upload my file?
>
> PP

Same here - currently working on that.
You might want to check the first line in other p***ns. It could be the reason why you don’t get any message and only a 200 HTTP code. So it probably has to be accessed in another way, not directly :smiley: - I’ve tried a bunch of stuff but didn’t find the correct way yet.

EDIT: got it :smiley: (I was right on the above)

I’ve enumerated as much as I can think to enumerate via sftp. I can’t figure out how some of you are retrieving the user.txt that way but I’m not too worried as I should be able to get it another way. Based on the comments, I’m pretty sure I’ve discovered all of the details I need to continue but I’m stuck at the tunnel part. That’s not something I’m very familiar with and I’ve tried several different methods but just can’t wrap my head around what exactly I need to do to get to the A***n page. I know it involves certain s** options, a browser setting and possibly a hosts edit. If someone could PM me a nudge on the tunneling part, I might have an aha moment!

Edit: Finally got the tunnel to work. Thanks @six2dez for the tip!

Rooted! PM if you need help

Rooted. Hooooly ■■■■ what a ride. PM if you need help. Didn’t really understand why everyone thought it was so great when going for user and was frustrated. After getting user and going onto root, I get it. Amazing box!!!

@jaywon said:

> Rooted. Hooooly ■■■■ what a ride. PM if you need help. Didn’t really understand why everyone thought it was so great when going for user and was frustrated. After getting user and going onto root, I get it. Amazing box!!!

Hey man, can you give me a nudge on uploading? I read the files the re…ru… I got its gist, but my params or the submission cannot upload a file.

@govsec said:

> @jaywon said:
>
> > Rooted. Hooooly ■■■■ what a ride. PM if you need help. Didn’t really understand why everyone thought it was so great when going for user and was frustrated. After getting user and going onto root, I get it. Amazing box!!!
>
> Hey man, can you give me a nudge on uploading? I read the files the re…ru… I got its gist, but my params or the submission cannot upload a file.

Don’t wanna give too much, can DM if needed, but if you’re looking in the right place there’s not just one method for entry in that place, and think about the whole URI.

Now this was one of my favorites boxes on HtB! Gratz @jkr ! Not sure I did it in the intended way though as I didn’t follow the M**M blog you guys posted on here.

@salute101 said:

> can someone pm me some hints on root part?

still waiting lol.

Could someone give me a nudge for how to find the file with admin credentials?

Have been enumerating the page (can access the login part fine) but not finding anything. I didn’t see anything where I got user.txt from that would help.

That was by far the most difficult/satisfying box I’ve done.

Wow.

Big thanks to @flipflop139874 for helping me dig myself out of a massive rabbit hole I’d dug myself into on root. Feel free to PM me with any questions.

I would appreciate a nudge if someone is willing to pm me.

I can get to the admin panel’s login page, but don’t have the credentials. Nothing I can see in the sftp account other than p********l.

I managed to get a user shell, but I can’t find the flag. Assuming it’s under a user.txt file I ran a find command to search for it, but didn’t find anything. Any help, please?
[EDIT]: Kudos to @46and2 for helping me out.
If you are also stuck on this, don’t get fooled by patterns like me, focus on the content of the admin panel.

Ermergherd, ME and this root process are not working out lol. I currently have a shell with w**-a****-d*** and I know WHAT I am supposed to exploit, however I do not know HOW to exploit a**. I have watched several videos on this as well as a couple tutorials but I have come up with nadda! If anyone has a moment to give me a helping hand so I can learn how the heck to do this, that would be spectacular.

Thanks All

Someone I can PM for root? I know what I have to do, but I don’t know how exactly. A bit of help would be awesome!

Got root. Very enjoyable box, PM if you need a hand.

Could someone ping me about how to figure out the deal with the osmn? I’m trying to do the whole upload thing, but I have tried googling for information and I am not having much luck :slight_smile:
I believe it might have something to do with w*ps or some kind of module.

I might need to specify a bit more… I am not looking for hints on how to do it, but I am trying to understand the “path of thought”, if that makes any sense.

@R4J said:

> what can we do with sftp?