Scavenger

Finally rooted this box
What a nice box to say the least i really enjoyed all the way especially the user part there were lots of rabbitholes …really well done for the creator of this box @ompamo thank you i learned alot :slight_smile: … just i think that user was a bit more complicated then root
I would to thank all the people that helped me especially @Angel235 and @Seepckoa i wouldnt make it without you guys
I will drop some hints
For user :

  • You need to find all what you can about the box and really enumurate everything , once you see the lower port in which you will be asked to query something once you found it is vulnerable do more enumuration you to Dig all the way around
  • Once you found what you are looking redo a step that you made before you will find what the http port is asking you , you will have your hat xD , do more enumurations you will get the user flag but with restricted access by analysing some p**p file you will find some creds use them to your advance
    For root :
  • You need to do some googling when you find that file

@lfabname said:
Finally rooted this box
What a nice box to say the least i really enjoyed all the way especially the user part there were lots of rabbitholes …really well done for the creator of this box @ompamo thank you i learned alot :slight_smile: … just i think that user was a bit more complicated then root
I would to thank all the people that helped me especially @Angel235 and @Seepckoa i wouldnt make it without you guys
I will drop some hints
For user :

  • You need to find all what you can about the box and really enumurate everything , once you see the lower port in which you will be asked to query something once you found it is vulnerable do more enumuration you to Dig all the way around
  • Once you found what you are looking redo a step that you made before you will find what the http port is asking you , you will have your hat xD , do more enumurations you will get the user flag but with restricted access by analysing some p**p file you will find some creds use them to your advance
    For root :
  • You need to do some googling when you find that file

No problem, and congratulations, after a moment of work, you have succeeded. The advices of @lfabname are well explained.

Finally rooted. What a fun one! This was the first time I attempted a new box that didn’t have many hints, but that turned out to be an experience.

got the vhosts after the s**i aaaaand im stuck. What am i missing here ? i enumerated everything. any hints ?

@awkward said:
got the vhosts after the s**i aaaaand im stuck. What am i missing here ? i enumerated everything. any hints ?

You didn’t enumerate everything, go back and do your basic steps again

This is one old-school style HTB box! Reminded me of some of the classic early nix boxes that were released, such as popcorn, beep and cronos, for some reason. It would be a good practice box for those preparing for the OSCP exam as well. Great job @ompamo - I can tell a fair bit of effort went into creating this one. Cheers and I hope you make more.

Wow, finally rooted after three days of intense work and learning. Hardest box I’ve ever done, had to pull on bits of knowledge from just about every box I’ve done so far.

Incredibly cool box and had a ton of fun doing it. @ompamo you did an absolutely fantastic job. Look forward to your future boxes.

Also gotta say thanks to @Jacker31 for the hints and emotional support ■■■■.

Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.

I hope this is not spoiler lol.

@delo said:

This is one old-school style HTB box! Reminded me of some of the classic early nix boxes that were released, such as popcorn, beep and cronos, for some reason. It would be a good practice box for those preparing for the OSCP exam as well. Great job @ompamo - I can tell a fair bit of effort went into creating this one. Cheers and I hope you make more.

@mech said:

Wow, finally rooted after three days of intense work and learning. Hardest box I’ve ever done, had to pull on bits of knowledge from just about every box I’ve done so far.

Incredibly cool box and had a ton of fun doing it. @ompamo you did an absolutely fantastic job. Look forward to your future boxes.

Also gotta say thanks to @Jacker31 for the hints and emotional support ■■■■.

Thanks, appreciate your comments!

Type your comment> @farbs said:

Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

Enunerate with bigger dicts…

hey , i manage to have RCE and i made a python script to do it , also found some creds which i only can use them to F** but i cant do nothing there. Can anyone send me a pm with a hint ?? thanks

any nudge on getting root??

Type your comment> @Tohzzicklao said:

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are. It’s not the smartest of the insects.

I hope this is not spoiler lol.

Not a spoiler. But I’ve already found what you’re referring too and can’t latch on.

@farbs said:
Not a spoiler. But I’ve already found what you’re referring too and can’t latch on.

If you found it, find the right parameter to make it work.

Type your comment> @Tohzzicklao said:

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are. It’s not the smartest of the insects.

I hope this is not spoiler lol.

Are you referring to the public vuln? Because I haven’t been able to make it work.

Type your comment> @Tohzzicklao said:

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.

I hope this is not spoiler lol.

Stucked here too atm, I am in the guts of the insect but because its a ‘young’ insect, found no public weaknesses.
Appart from a few internal paths, did not find anything interesting :frowning:

Finally rooted !

Really challenging box, thanks to the author for creating this box and to @Seepckoa (merci mec !) and @julianjm for the help :).

I’d be happy to help if needed, don’t hesitate to DM

Type your comment> @Greenou said:

Type your comment> @Tohzzicklao said:

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.

I hope this is not spoiler lol.

Stucked here too atm, I am in the guts of the insect but because its a ‘young’ insect, found no public weaknesses.
Appart from a few internal paths, did not find anything interesting :frowning:

Maybe you’ll need to try bigger dicts to find it. No need to get into the guts of the insect. And read carefully my words between brackets xD

Type your comment> @Tohzzicklao said:

Type your comment> @Greenou said:

Type your comment> @Tohzzicklao said:

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.

I hope this is not spoiler lol.

Stucked here too atm, I am in the guts of the insect but because its a ‘young’ insect, found no public weaknesses.
Appart from a few internal paths, did not find anything interesting :frowning:

Maybe you’ll need to try bigger dicts to find it. No need to get into the guts of the insect. And read carefully my words between brackets xD

God damnit. That’s what I get for running my wordlist through a proxy.
Thanks for the hint, not user yet but I guess I’m pretty close !