Very cool and funny box. As i understand correctly there are possibility to root box without getting user. If you have a questions just PM me i can help you
Basic hint: A lot of enumeration of names/services/versions/files
Spoiler Removed
Rooted. Thanks, @MrR3boot for such a great machine.
User - A lot of enumeration and googling. Google every piece which you find odd. It will be a long ride.
Root - Very easy. Took me just 5 mins. Look closely at the processes and dots will connect.
hey can i PM someone about the path for the initail foothold exploit
Nice box @MrR3boot! User was really nice, got stuck a couple of times. Root wasnāt that hard compared to user.
@MrR3boot Thanks for this box, i really appriciated the experience
*I actually feel i gained more knowledge from the root part than the user, but user was fun fun fun.
User is really torturous; had to dive into the source for this one.
Root was really easy though.
Thank you for the box @MrR3boot
Type your comment> @ScreenSlav3r said:
Type your comment> @sneakypanda said:
Interested in what people recommend for vhost enumeration tools. I have havenāt had any luck getting one of these going.
Wfuzz
Iāve tried that without luck. Think I must be looking in the wrong place. Would appreciate a nudge.
Try Smarter @sneakypanda. Thanks for the feedback @weelye, @Ketil , @mooncak3, @gustystream, @combinator, @hackforfun and @Kucharskov. Hope you had fun with the box.
is there anything to do with the default domain, or is it just rabbit hole?
EDIT: nvm, got it.
Spoiler Removed
I have absolutely no idea how people guessed right way to file in process.
If you are trying to enumerate all what you can, and then somehow combine it to way-to-go this is not that kind of machine, at least it is not for footholdās file in process.
Okay, need a nudge. I donāt understand what I am missing.
so enumerated vhosts. have a few of those found. one seems pointless as it is just javascript and pictures. read through the text though. it looks like a hint that i dont get. with two others i feel like i did everything I could, but i cant guess the greds for the d**.er.htb and canāt find anything at stg.****er.htb. found bak file. but i have no idea where to use the string from it.
could somebody give me a hint? i am very confused with all of the enumeration here
do we need a special wordlist in order to crack the hash for the web service on d*?
UPDATE: others said that rockyou should work for everything here at HTB. so there should be another way in, not just cracking the hash.
Iām really stuck on getting anything that the hints from the c*** vh*** are saying. I have gobustered everything and looked at everything, but just canāt see where to go from next. i feel like the response from the con****.p** is telling me something but I just donāt know what to do with it. Ahhhhhhh
What could possibly be done with this uploading?
EDIT: Without knowing how uploading work it is really hard to highlight useful vuln from tons of strange search results.
Iāve just started exploring , however Iām having timeouts with this box on vip server.
Rebooted - still doesnāt work.
Is it a bug or a feature?
got some creds and now stuck at l*ll. Trying to escape but very few doors. any hint would be appreciated.
Awesome box just, rooted thanks so much @MrR3boot one of the harder boxes that Iāve done but super satisfying!