Scavenger

got the vhosts after the s**i aaaaand im stuck. What am i missing here ? i enumerated everything. any hints ?

@awkward said:
got the vhosts after the s**i aaaaand im stuck. What am i missing here ? i enumerated everything. any hints ?

You didn’t enumerate everything, go back and do your basic steps again

This is one old-school style HTB box! Reminded me of some of the classic early nix boxes that were released, such as popcorn, beep and cronos, for some reason. It would be a good practice box for those preparing for the OSCP exam as well. Great job @ompamo - I can tell a fair bit of effort went into creating this one. Cheers and I hope you make more.

Wow, finally rooted after three days of intense work and learning. Hardest box I’ve ever done, had to pull on bits of knowledge from just about every box I’ve done so far.

Incredibly cool box and had a ton of fun doing it. @ompamo you did an absolutely fantastic job. Look forward to your future boxes.

Also gotta say thanks to @Jacker31 for the hints and emotional support ■■■■.

Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.

I hope this is not spoiler lol.

@delo said:

This is one old-school style HTB box! Reminded me of some of the classic early nix boxes that were released, such as popcorn, beep and cronos, for some reason. It would be a good practice box for those preparing for the OSCP exam as well. Great job @ompamo - I can tell a fair bit of effort went into creating this one. Cheers and I hope you make more.

@mech said:

Wow, finally rooted after three days of intense work and learning. Hardest box I’ve ever done, had to pull on bits of knowledge from just about every box I’ve done so far.

Incredibly cool box and had a ton of fun doing it. @ompamo you did an absolutely fantastic job. Look forward to your future boxes.

Also gotta say thanks to @Jacker31 for the hints and emotional support ■■■■.

Thanks, appreciate your comments!

Type your comment> @farbs said:

Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

Enunerate with bigger dicts…

hey , i manage to have RCE and i made a python script to do it , also found some creds which i only can use them to F** but i cant do nothing there. Can anyone send me a pm with a hint ?? thanks

any nudge on getting root??

Type your comment> @Tohzzicklao said:

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are. It’s not the smartest of the insects.

I hope this is not spoiler lol.

Not a spoiler. But I’ve already found what you’re referring too and can’t latch on.

@farbs said:
Not a spoiler. But I’ve already found what you’re referring too and can’t latch on.

If you found it, find the right parameter to make it work.

Type your comment> @Tohzzicklao said:

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are. It’s not the smartest of the insects.

I hope this is not spoiler lol.

Are you referring to the public vuln? Because I haven’t been able to make it work.

Type your comment> @Tohzzicklao said:

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.

I hope this is not spoiler lol.

Stucked here too atm, I am in the guts of the insect but because its a ‘young’ insect, found no public weaknesses.
Appart from a few internal paths, did not find anything interesting :frowning:

Finally rooted !

Really challenging box, thanks to the author for creating this box and to @Seepckoa (merci mec !) and @julianjm for the help :).

I’d be happy to help if needed, don’t hesitate to DM

Type your comment> @Greenou said:

Type your comment> @Tohzzicklao said:

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.

I hope this is not spoiler lol.

Stucked here too atm, I am in the guts of the insect but because its a ‘young’ insect, found no public weaknesses.
Appart from a few internal paths, did not find anything interesting :frowning:

Maybe you’ll need to try bigger dicts to find it. No need to get into the guts of the insect. And read carefully my words between brackets xD

Type your comment> @Tohzzicklao said:

Type your comment> @Greenou said:

Type your comment> @Tohzzicklao said:

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.

I hope this is not spoiler lol.

Stucked here too atm, I am in the guts of the insect but because its a ‘young’ insect, found no public weaknesses.
Appart from a few internal paths, did not find anything interesting :frowning:

Maybe you’ll need to try bigger dicts to find it. No need to get into the guts of the insect. And read carefully my words between brackets xD

God damnit. That’s what I get for running my wordlist through a proxy.
Thanks for the hint, not user yet but I guess I’m pretty close !

Rooted. This box is underrated IMO. Can see that a lot of thought went into putting it together and it’s creative. thanks @ompamo

Hints for user: after the initial entry point, you’ll be enumerating a lot. By enumerating I mean searching for stuff using methods you probably already know. there are quite a few rabbit holes you can go down and I probably went down them all. this is more of a test of your process and methodology than anything else. And don’t bother with the slow thing, made my VM unusable. fortunately you don’t need it for anything. in fact a proper shell is not required for anything on this box.

Hints for root: here google will help you out. much more direct than getting user. but google alone won’t get the job done.

PM for hints.

Got root after a long time, I missed a small thing but I finally did it. PM for hints if you are stuck!

Finally got user. Big thanks to @ciscopass.

Now on my way to root. Hints are appreciated.