onetwoseven

Now this was one of my favorite boxes on HtB! Gratz @jkr! Not sure I did it in the intended way though, as I didn’t follow the M**M blog you guys posted on here.

@salute101 said:

can someone pm me some hints on root part?

still waiting lol.

Could someone give me a nudge for how to find the file with admin credentials?

Have been enumerating the page (can access the login part fine) but not finding anything. I didn’t see anything where I got user.txt from that would help.

That was by far the most difficult/satisfying box I’ve done.

Wow.

Big thanks to @flipflop139874 for helping me dig myself out of a massive rabbit hole I’d dug myself into on root. Feel free to PM me with any questions.

I would appreciate a nudge if someone is willing to pm me.

I can get to the admin panel’s login page, but don’t have the credentials. Nothing I can see in the sftp account other than p********l.

I managed to get a user shell, but I can’t find the flag. Assuming it’s under a user.txt file I ran a find command to search for it, but didn’t find anything. Any help, please?
[EDIT]: Kudos to @46and2 for helping me out.
If you are also stuck on this, don’t get fooled by patterns like me, focus on the content of the admin panel.

Ermergherd, ME and this root process are not working out lol. I currently have a shell with w**-a****-d*** and I know WHAT I am supposed to exploit, however I do not know HOW to exploit a**. I have watched several videos on this as well as a couple of tutorials but I have come up with nada! If anyone has a moment to give me a helping hand so I can learn how the heck to do this, that would be spectacular.

Thanks All

Someone I can PM for root? I know what I have to do, but I don’t know how exactly. A bit of help would be awesome!

Got root. Very enjoyable box, PM if you need a hand.

Could someone ping me about how to figure out the deal with the osmn? I’m trying to do the whole upload thing, but I have tried googling for information and I am not having much luck :slight_smile:
I believe it might have something to do with w*ps or some kind of module.

I might need to specify a bit more… I am not looking for hints towards how to do it, but I am trying to understand the “path of thought”, if that makes any sense.

@R4J said:

what can we do with sftp?

Can anyone give a hint on user?

I am almost done, but cannot get the ag to actually fetch a p. Could anyone let me know which one they used?

@R4J said:

Starting the discussion :stuck_out_tongue:

Hello, I have the w**-a****-d*** shell and I checked what I can do with ‘sudo -l’, but I don’t see the way to exploit it. On the internet I saw that if you pass parameters to ‘a**-g**’ you can call commands, but then it asks me for the user’s password. Any tip/hint for root flag?

Didn’t think I would need to come to the forum but after trying every sp command, I’m completely lost. Trying to tunnel doesn’t work as it seems to be dis*** from the remote server looking at the debug output from s**. Would need some nudge.

I’m really stuck. I can use sftp to upload a php webshell and access it from the browser without success. I hit the shell but access is forbidden. I can also use ssh to tunnel to the admin place, but can’t see anything other than a blank 200 OK…

UPDATE: I’ve managed to gain access to the admin page within the browser…still no user or root.

Need a nudge on how to tunnel to that port, since no creds work with ssh (including the one found from log**.p**.sw*).

Got a reverse shell but no user.txt till now. Do I need to escalate to the 12* user?

Got user thx to @Ketil, user part was very smart.

Can somebody please give me a hand using sym**nk to get anything meaningful?