There is something broken around the service. After few requests it stopped talk to me, I waste 2 days on trying to do one simple thing. So finally I moved from VIP to free servers and it works pretty well there. I got what I need in no time. So if you are on VIP and you are stuck, maybe you should consider jumping into free servers for this one.
There is something broken around the service. After few requests it stopped talk to me, I waste 2 days on trying to do one simple thing. So finally I moved from VIP to free servers and it works pretty well there. I got what I need in no time. So if you are on VIP and you are stuck, maybe you should consider jumping into free servers for this one.
I’m stuck at the bdchecker, I can run it (or better have somebody to run it for me) and read its output but I can’t execute any other command but the one it explicitly says I can run, and I don’t know if there’s a way to exploit this single command or retrieve something useful with it…
I tried several command concatenation, I tried to look for a way to make it produce some arbitrary text and save it on disk… I’m running out of ideas. Any hint will be greatly appreciated.
I am keeping an eye on this thread to know what’s up with the box. I’ve read that a lot of people are experiencing that the privesc part is unstable. After a couple of checks I did locally I can confirm that that’s the case. This is something we did test thoroughly though, but after the testing procedure we made a small mistake which resulted in the privesc part being unstable. I’ve messaged a moderator on HTB and we’re working on a fix.
Sadly I’m not able to remove the experience from people who already rooted the machine, but to all of you who did own the box pre-patched; consider yourself a go-getter
I am onto root, I can see the odd process, but i can’t execute it, download it or dump it. Is there some other way to interact with it, that i’m missing?
Edit: Found what to do with it (thanks to @keyos1 ), but i can’t forward anything to me, as some have suggested in the post. Any nudges?
On average, how much did you guys wait for the initial foothold to trigger?
I’m havin’ trouble triggering just the expected behaviour from the application…
I can get a ping back. No other command executes, trying to encode the commands but having difficulty in encoding all those quotes in a reverse shell. Any advise.
I can get a ping back. No other command executes, trying to encode the commands but having difficulty in encoding all those quotes in a reverse shell. Any advise.
I spent far too much time on Priv Esc due to a missing character white space character in my script, assumed it didnt work and went back into enumeration phase
My hint for rooting is that after you find the thing to exploit, take the instructions it gives you literally … its not a riddle.
I think also, I took a non standard path to user as I did not need to use “b**************.**p” to get the reverse shell.