Player

Very cool and funny box. As I understand correctly, there is a possibility to root the box without getting user. If you have questions just PM me, I can help you :slight_smile:
Basic hint: A lot of enumeration of names/services/versions/files

Spoiler Removed

Rooted. Thanks, @MrR3boot for such a great machine.
User - A lot of enumeration and googling. Google every piece which you find odd. It will be a long ride.
Root - Very easy. Took me just 5 mins. Look closely at the processes and dots will connect.

Hey, can I PM someone about the path for the initial foothold exploit?

Nice box @MrR3boot! User was really nice, got stuck a couple of times. Root wasn't that hard compared to user.

@MrR3boot Thanks for this box, I really appreciated the experience :slight_smile:

*I actually feel I gained more knowledge from the root part than the user, but user was fun fun fun.

User is really torturous; had to dive into the source for this one.
Root was really easy though.

Thank you for the box @MrR3boot

@ScreenSlav3r said:

@sneakypanda said:

Interested in what people recommend for vhost enumeration tools. I haven't had any luck getting one of these going.

Wfuzz

I've tried that without luck. Think I must be looking in the wrong place. Would appreciate a nudge.

Try Smarter @sneakypanda. Thanks for the feedback @weelye, @Ketil , @mooncak3, @gustystream, @combinator, @hackforfun and @Kucharskov. Hope you had fun with the box.

Great box!! Finally rooted, thanks to @MrR3boot!!!

is there anything to do with the default domain, or is it just rabbit hole?

EDIT: nvm, got it.

Spoiler Removed

I have absolutely no idea how people guessed right way to file in process.
If you are trying to enumerate all what you can, and then somehow combine it to way-to-go this is not that kind of machine, at least it is not for foothold's file in process.

Okay, need a nudge. I don't understand what I am missing.
So I enumerated vhosts. Have a few of those found. One seems pointless as it is just JavaScript and pictures. Read through the text though. It looks like a hint that I don't get. With two others I feel like I did everything I could, but I can't guess the creds for the d**.er.htb and can't find anything at stg.****er.htb. Found bak file, but I have no idea where to use the string from it.
Could somebody give me a hint? I am very confused with all of the enumeration here.

Do we need a special wordlist in order to crack the hash for the web service on d*?
UPDATE: others said that rockyou should work for everything here at HTB, so there should be another way in, not just cracking the hash.

I'm really stuck on getting anything that the hints from the c*** vh*** are saying. I have gobustered everything and looked at everything, but just can't see where to go next. I feel like the response from the con****.p** is telling me something but I just don't know what to do with it. Ahhhhhhh

What could possibly be done with this uploading?
EDIT: Without knowing how uploading works it is really hard to highlight a useful vuln from tons of strange search results.

I've just started exploring, however I'm having timeouts with this box on vip server.
Rebooted - still doesn't work.
Is it a bug or a feature? :slight_smile:

Got some creds and now stuck at l*ll. Trying to escape but very few doors. Any hint would be appreciated.

Awesome box, just rooted, thanks so much @MrR3boot, one of the harder boxes that I've done but super satisfying!