Finally rooted this box
What a nice box to say the least i really enjoyed all the way especially the user part there were lots of rabbitholes …really well done for the creator of this box @ompamo thank you i learned alot … just i think that user was a bit more complicated then root
I would to thank all the people that helped me especially @Angel235 and @Seepckoa i wouldnt make it without you guys
I will drop some hints
For user :
You need to find all what you can about the box and really enumurate everything , once you see the lower port in which you will be asked to query something once you found it is vulnerable do more enumuration you to Dig all the way around
Once you found what you are looking redo a step that you made before you will find what the http port is asking you , you will have your hat xD , do more enumurations you will get the user flag but with restricted access by analysing some p**p file you will find some creds use them to your advance
For root :
You need to do some googling when you find that file
@lfabname said:
Finally rooted this box
What a nice box to say the least i really enjoyed all the way especially the user part there were lots of rabbitholes …really well done for the creator of this box @ompamo thank you i learned alot … just i think that user was a bit more complicated then root
I would to thank all the people that helped me especially @Angel235 and @Seepckoa i wouldnt make it without you guys
I will drop some hints
For user :
You need to find all what you can about the box and really enumurate everything , once you see the lower port in which you will be asked to query something once you found it is vulnerable do more enumuration you to Dig all the way around
Once you found what you are looking redo a step that you made before you will find what the http port is asking you , you will have your hat xD , do more enumurations you will get the user flag but with restricted access by analysing some p**p file you will find some creds use them to your advance
For root :
You need to do some googling when you find that file
No problem, and congratulations, after a moment of work, you have succeeded. The advices of @lfabname are well explained.
This is one old-school style HTB box! Reminded me of some of the classic early nix boxes that were released, such as popcorn, beep and cronos, for some reason. It would be a good practice box for those preparing for the OSCP exam as well. Great job @ompamo - I can tell a fair bit of effort went into creating this one. Cheers and I hope you make more.
Wow, finally rooted after three days of intense work and learning. Hardest box I’ve ever done, had to pull on bits of knowledge from just about every box I’ve done so far.
Incredibly cool box and had a ton of fun doing it. @ompamo you did an absolutely fantastic job. Look forward to your future boxes.
Also gotta say thanks to @Jacker31 for the hints and emotional support ■■■■.
@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?
The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.
This is one old-school style HTB box! Reminded me of some of the classic early nix boxes that were released, such as popcorn, beep and cronos, for some reason. It would be a good practice box for those preparing for the OSCP exam as well. Great job @ompamo - I can tell a fair bit of effort went into creating this one. Cheers and I hope you make more.
Wow, finally rooted after three days of intense work and learning. Hardest box I’ve ever done, had to pull on bits of knowledge from just about every box I’ve done so far.
Incredibly cool box and had a ton of fun doing it. @ompamo you did an absolutely fantastic job. Look forward to your future boxes.
Also gotta say thanks to @Jacker31 for the hints and emotional support ■■■■.
hey , i manage to have RCE and i made a python script to do it , also found some creds which i only can use them to F** but i cant do nothing there. Can anyone send me a pm with a hint ?? thanks
@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?
The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are. It’s not the smartest of the insects.
I hope this is not spoiler lol.
Not a spoiler. But I’ve already found what you’re referring too and can’t latch on.
@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?
The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are. It’s not the smartest of the insects.
I hope this is not spoiler lol.
Are you referring to the public vuln? Because I haven’t been able to make it work.
@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?
The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.
I hope this is not spoiler lol.
Stucked here too atm, I am in the guts of the insect but because its a ‘young’ insect, found no public weaknesses.
Appart from a few internal paths, did not find anything interesting
@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?
The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.
I hope this is not spoiler lol.
Stucked here too atm, I am in the guts of the insect but because its a ‘young’ insect, found no public weaknesses.
Appart from a few internal paths, did not find anything interesting
Maybe you’ll need to try bigger dicts to find it. No need to get into the guts of the insect. And read carefully my words between brackets xD
@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?
The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.
I hope this is not spoiler lol.
Stucked here too atm, I am in the guts of the insect but because its a ‘young’ insect, found no public weaknesses.
Appart from a few internal paths, did not find anything interesting
Maybe you’ll need to try bigger dicts to find it. No need to get into the guts of the insect. And read carefully my words between brackets xD
God damnit. That’s what I get for running my wordlist through a proxy.
Thanks for the hint, not user yet but I guess I’m pretty close !