Zetta

Got user last night… working on root (it’s about building a good dict, right?)

A tip for user: the web page has details on what to try… check that 60%

@julianjm said:

Got user last night… working on root (it’s about building a good dict, right?)

A tip for user: the web page has details on what to try… check that 60%

I was wondering the same, incomplete things are always exploitable, but didn’t find more details about Du**-**ck. Can you help me in the right direction?
Thanks in advance.

Do we need to get an IPv6 address somehow?

@D4nch3n said:

Do we need to get an IPv6 address somehow?

yup.

Got the IPv6 address, no idea where to go now

Stuck at r***c modules.
Could somebody give me hints about next step?
Tnx in advance.

EDIT: Got user, tnx. Working on root.

@Boxito said:

Stuck at r***c modules.
Could somebody give me hints about next step?
Tnx in advance.

If you’ve got the list of modules, there are some hidden ones. Think about what folders are interesting on most Linux systems.

Got user thanks to @v1p3r0u5, now onto root

@clubby789 said:

Got user thanks to @v1p3r0u5, now onto root

While there are many interesting items in the hidden module, I am not seeing any that lead to another hidden module (or user?), unless brute-forcing or spraying is part of the solution (which typically is not on HTB)… Perhaps I am overlooking something?

@ue4dai said:

While there are many interesting items in the hidden module, I am not seeing any that lead to another hidden module (or user?), unless brute-forcing or spraying is part of the solution (which typically is not on HTB)… Perhaps I am overlooking something?

Upload access requires a custom script (or rewriting another) to brute force with ro****u.txt

Do I have to watch “The IT Crowd” in order to make sense of what’s going on?

@limbernie
http://giphygifs.s3.amazonaws.com/media/LdsJrFnANh6HS/giphy.gif

i heard you're a big deal around here.
don't make me laugh
i'm just not into that circle-jerking ■■■■

got better things to do than that fat waste of time
making your boxes mine with exploits and rhymes

my machine is a weapon
patched drivers;
wi-fi packet injection

race condition
xchg rax, rsp
pivot to ascension 

your skills ain't even worth a mention
shut up and listen; now class is in session
you don't know how to hack.
see me in detention

Just to keep this on topic I thought I’d say that I’m really enjoying this challenge so far. Thanks @jkr.

Nice poetry :lol:

@limbernie said:

Nice poetry :lol:

thanks
but you gotta step up bro

@limbernie said:

Do I have to watch “The IT Crowd” in order to make sense of what’s going on?

You don’t have to, but you should. It’s big fun ?

got root niice

Could anyone hint me in the right direction for the initial step(s) please? I’ve found the (useless and random?) ftp but nothing else really. Couldn’t enumerate more than that

@rowra said:

Could anyone hint me in the right direction for the initial step(s) please? I’ve found the (useless and random?) ftp but nothing else really. Couldn’t enumerate more than that

FTP is definitely not useless. Read the specific technologies mentioned on the homepage, and remember, incomplete is often exploitable.

No idea where to go after user, seen a couple of g** r***s, but can’t find anything interesting in there.

Is it just me, or did the user password change since yesterday? (Have tried both eu and us, and reset machine on each.)

@ue4dai said:

Is it just me, or did the user password change since yesterday? (Have tried both eu and us, and reset machine on each.)

The address changes, but the password used to get into r**** seems to be the same