Zetta

google :slight_smile:

from the show '‘the it crowd’

@rowra said:
yup. ftp supports fxp too, don’t know what to do with any of these informations though.

@charlesjameson where’d you find those other creds? Can’t find anything else other than the 32chars for ftp on the page

Can’t seem to log in to FTP with provided creds?
Nevermind, I was trying to login to SFTP

i find some open ports by doing f*p attack , but i don’t know how to benefit from that , can someone give a nudge on what to do next ??

Are others getting FTP command timeouts (even after apparently successful login, seen by looking at traffic, raw ftp commands, or curl -v flag)…

Also, not seeing anything beyond the index page on 80/tcp going light with gobuster so as to not hammer the box…

Hrm.^H

Edit: Ah, passive, you deceiver you.

found access to ftp
Could somebody give hints about next step after ftp?

As any 32 chars username and password is valid i’m wondering if some user left something interesting in some account folder… but which one?

I think it’s something about passive and fxp maybe.

Cool, I lol-ed so hard when i saw the IT crowd reference.

Got user last night… working on root (it’s about building a good dict, right?)

A tip for user: the web page has details on what to try… check that 60%

Type your comment> @julianjm said:

Got user last night… working on root (it’s about building a good dict, right?)

A tip for user: the web page has details on what to try… check that 60%

I was wondering same, incomplete things are always exploitable, but didn’t find more details about Du**-**ck. Can you help me in right direction?
Thanks in advanced.

Do we need to get an IPv6 address somehow?

Type your comment> @D4nch3n said:

Do we need to get an IPv6 address somehow?

yup.

Got the IPV6 address, no idea where to go now

Stuck at r***c modules.
Could somebody give me hints about next step?
Tnx in advance.

EDIT: Got user, tnx. Working on root.

Type your comment> @Boxito said:

Stuck at r***c modules.
Could somebody give me hints about next step?
Tnx in advance.

If you’ve got the list of modules, there’s some hidden ones. Think about what folders are interesting on most linux systems.

Got user thanks to @v1p3r0u5, now onto root

Type your comment> @clubby789 said:

Got user thanks to @v1p3r0u5, now onto root

While there are many interesting items in the hidden module, I am not seeing any that lead to another hidden module (or user?), unless brute-forcing or spraying is part of solution (which typically is not on HTB)… Perhaps I am overlooking something?

@ue4dai said:
While there are many interesting items in the hidden module, I am not seeing any that lead to another hidden module (or user?), unless brute-forcing or spraying is part of solution (which typically is not on HTB)… Perhaps I am overlooking something?

Upload access requires a custom script (or rewriting another) to brute force with ro****u.txt

Do I have to watch “The IT Crowd” in order to make sense of what’s going on?

@limbernie
http://giphygifs.s3.amazonaws.com/media/LdsJrFnANh6HS/giphy.gif

i heard you're a big deal around here.
don't make me laugh
i'm just not into that circle-jerking ■■■■

got better things to do than that fat waste of time
making your boxes mine with exploits and rhymes

my machine is a weapon
patched drivers;
wi-fi packet injection

race condition
xchg rax, rsp
pivot to ascension 

your skills ain't even worth a mention
shut up and listen; now class is in session
you don't know how to hack.
see me in detention

Just to keep this on topic I thought I’d say that I’m really enjoying this challenge so far. Thanks @jkr.