Jarvis

I can’t get the lfi to work at r***.p&*=.
I’ve tried everything I know but nothing seems to work (n00b here).
Could anyone give me a hint for that?

@sn4k3r1tu4l: Perhaps it isn’t an LFI, but a different type of vulnerability?

Rooted… Very good and straight box, thx @manulqwerty and @Ghostpp7
PM me if you’re stuck and describe in detail what you did and what you have!

a simple hint,
enumerate GSUIDs

Pretty easy but fun. Seemed like there were a lot of different ways to accomplish things.

Rooted

Pfew, got user after some hours :tired_face:
Let’s move to the esc xD

Rooted :smiley:
That was a really fun box! Thx to the owners

Currently have the wa shell and access to pm*n and am now stuck. Any hint would be appreciated

So I have been trying to use sqli to get into the users of the website and see if I can’t get the passwords to be able to ssh in as www-data. Is there an easier way to find the access in the account?

@gNarv3 said:
So I have been trying to use sqli to get into the users of the website and see if I can’t get the passwords to be able to ssh in as www-data. Is there an easier way to find the access in the account?

one does not simply ssh as www-data, if you’re using sqli there’s one tool that can let you get a shell from exploiting such vuln…

Finally got around to doing this box. Unfortunately people kept resetting the box all the time, so I had to redo a lot of the first steps again and again.
The very last step for root gave me a lot of trouble until I decided to spend some time to get a better shell (S*H), then it was relatively easy with the right documentation.

If you need any hint, DM me with where you are at and what you have tried.

ROOTED!

Very interesting machine, I learned a lot from this. Thanks to @manulqwerty and @Ghostpp7

Foothold: using two well-known sec tools is quite easy, but I still don’t get why people talk about spotting differences between page 1 and 6

User: I spent too much time here then I realized my mistake was a syntax error. Basic privesc and googling is enough

Root: Basic enumeration and googling, a link posted here some pages ago will give you all you need to get root

Probably without reading posts here I would have rated this box as “medium”. Well, if you need hints PM me! :slight_smile:


Finally rooted,

!!! → pls DON’T remove files that other users created, it’s pretty selfish and useless.

PM me if you need some hints (and write your current situation :wink: )

Working on root now, but I think everyone should know that the comments “recommending” getting a better shell is actually more of a requirement, at least as I was trying to progress.

I had unknowingly figured out how to get user a long time ago, but it didn’t actually work until I upgraded my shell.

EDIT: Rooted! Happy to help anyone who’s stuck. All I ask is that you send me what you’ve already done and where you’re stuck.

Finally got the user, 10x to @Yerdua95, who confirmed I was on the right path.
I failed with the syntax but learned a lot about Linux privilege escalation.

Need help? PM

Can somebody PM with a nudge on syntax or something for the initial foothold at .?c*=*?

I’m not sure if I’m supposed to be trying to catch a shell or serve a file from this point and I’ve been banging my head against it for two days.

EDIT: Got into an OS-shell, new things to bang my head against, thanks for the help y’all

Rooted! Big thanks to @hostilenode
@WhiteVoid and @ml19 for the initial hint!
My first “medium” difficulty machine, cool experience!
Learned how to spawn a fully interactive shell

Just finished, my first on the site :smile: Just a quick question.

I was wondering, at some point in the process I decided to use ssh (by setting a key), but after about 5 minutes connections reset and all the temporary files would be gone. But the system uptime did not reset.

It happened twice, then I fell back to just using a normal reverse shell, and it did not happen again. Is this some type of protection at HTB? Or was it just an unlucky coincidence and someone pressed the reset button on the web UI?

Rooted, you can PM for a nudge, privesc is much simpler than getting a shell