This box at initial step is sooo slooooooow. Sometimes even restart didint help. Some tips for players: client side, enumerate, bruteforce and half of "answer to life the universe and everything"
If you have a problem with init/user/admin just PM'me. I will try help you
If you need help with something, PM me how far you've got already and what you've tried. I won't respond to profile comments. And remember to +respect me if I helped you
I am chaining vulns for foothold, i can see what can be used for getting shell, but my script not working as i expect.
Edit: if you trying to write your own stuff from the beginning and it is not working, consider using existing things on machine. (not regarding payload, more for vuln structure)
Machine is a bit lagi, so check your testing payloads with already working alongside with them.
Possible that that box is a lil unstable? Figured out how to basic test a response via a normal user. that worked for few attempts. then stopped. after reset not better.
Is am writing script to interact in internal service used python and bash scripts to do it, but they both failed. Help?
EDIT: If you writing script with sockets or call and it is not working - consider using telnetlib, simple and efficient.
What a fun box.
Thanks a lot to @Gioo & @Cneeliz for the journey
I learned a lot during the user stage
Root part was too simple imo
The need to reset the box every time the service crashes (and you know it will crash a lot) was a bit annoying and I'm pretty sure could've been solved easily
There is something broken around the service. After few requests it stopped talk to me, I waste 2 days on trying to do one simple thing. So finally I moved from VIP to free servers and it works pretty well there. I got what I need in no time. So if you are on VIP and you are stuck, maybe you should consider jumping into free servers for this one.
There is something broken around the service. After few requests it stopped talk to me, I waste 2 days on trying to do one simple thing. So finally I moved from VIP to free servers and it works pretty well there. I got what I need in no time. So if you are on VIP and you are stuck, maybe you should consider jumping into free servers for this one.
There is something broken around the service. After few requests it stopped talk to me, I waste 2 days on trying to do one simple thing. So finally I moved from VIP to free servers and it works pretty well there. I got what I need in no time. So if you are on VIP and you are stuck, maybe you should consider jumping into free servers for this one.
I'm stuck at the bdchecker, I can run it (or better have somebody to run it for me) and read its output but I can't execute any other command but the one it explicitly says I can run, and I don't know if there's a way to exploit this single command or retrieve something useful with it...
I tried several command concatenation, I tried to look for a way to make it produce some arbitrary text and save it on disk.. I'm running out of ideas. Any hint will be greatly appreciated.
I am keeping an eye on this thread to know what's up with the box. I've read that a lot of people are experiencing that the privesc part is unstable. After a couple of checks I did locally I can confirm that that's the case. This is something we did test thoroughly though, but after the testing procedure we made a small mistake which resulted in the privesc part being unstable. I've messaged a moderator on HTB and we're working on a fix.
Sadly I'm not able to remove the experience from people who already rooted the machine, but to all of you who did own the box pre-patched; consider yourself a go-getter
Do you guys think that this box is bugged? Nothing comes back, even after restarting the box. Someone from here confirmed my script.
I'm on `10.10.14` .
Edit: tried on the Free server too.
Can someone that completed this box, retry it and confirm that it works? I spent a crazy amount of time on what seems to be a bug..
Comments
OSCP | I'm not a rapper
This box at initial step is sooo slooooooow. Sometimes even restart didint help. Some tips for players: client side, enumerate, bruteforce and half of "answer to life the universe and everything"

If you have a problem with init/user/admin just PM'me. I will try help you
If you need help with something, PM me how far you've got already and what you've tried. I won't respond to profile comments. And remember to +respect me if I helped you
Never mind... I'm just an idiot about being consistent with URLs... /eyeroll
I am chaining vulns for foothold, i can see what can be used for getting shell, but my script not working as i expect.
Edit: if you trying to write your own stuff from the beginning and it is not working, consider using existing things on machine. (not regarding payload, more for vuln structure)
Machine is a bit lagi, so check your testing payloads with already working alongside with them.
PM for hints

Possible that that box is a lil unstable? Figured out how to basic test a response via a normal user. that worked for few attempts. then stopped. after reset not better.
I found a vulnerability in a point but I cannot exploit it maybe because unstable box. I need some indication
What to do at first? I am stuck for 2 hour thinking what to do. Nmap doesnt show ports and directory enumeration are slow.
Type your comment> @jayjay25 said:
you don't need a shell YET, try to grab something you could EAT, then use it for something you've already been there
Is am writing script to interact in internal service used python and bash scripts to do it, but they both failed. Help?
EDIT: If you writing script with sockets or call and it is not working - consider using telnetlib, simple and efficient.
I used python and it worked just fine.
The box is easy but very unstable as some have pointed out. Wasted a lot of hours during the initial step even though I was on the right path.
What a fun box.
Thanks a lot to @Gioo & @Cneeliz for the journey
I learned a lot during the user stage
Root part was too simple imo
The need to reset the box every time the service crashes (and you know it will crash a lot) was a bit annoying and I'm pretty sure could've been solved easily
Overall very nice box
Thanks a lot
Spoiler Removed
Could anyone give a hint with initial foothold? I did some enumeration, have an idea of what is happening, but don't know how to exploit it
There is something broken around the service. After few requests it stopped talk to me, I waste 2 days on trying to do one simple thing. So finally I moved from VIP to free servers and it works pretty well there. I got what I need in no time. So if you are on VIP and you are stuck, maybe you should consider jumping into free servers for this one.
Type your comment> @tmogg said:
I'm on free and i don't approve this advice xD
Type your comment> @DaChef said:
You have no choice if it doesn't work at all.
rooted , this box is really good , thanks for the box creators
I'm stuck at the bdchecker, I can run it (or better have somebody to run it for me) and read its output but I can't execute any other command but the one it explicitly says I can run, and I don't know if there's a way to exploit this single command or retrieve something useful with it...
I tried several command concatenation, I tried to look for a way to make it produce some arbitrary text and save it on disk.. I'm running out of ideas. Any hint will be greatly appreciated.
just rooted! message me for help
Very long final step ... slow ****
Hi guys,
Just a quick update:
I am keeping an eye on this thread to know what's up with the box. I've read that a lot of people are experiencing that the privesc part is unstable. After a couple of checks I did locally I can confirm that that's the case. This is something we did test thoroughly though, but after the testing procedure we made a small mistake which resulted in the privesc part being unstable. I've messaged a moderator on HTB and we're working on a fix.
Sadly I'm not able to remove the experience from people who already rooted the machine, but to all of you who did own the box pre-patched; consider yourself a go-getter
Thanks for your feedback.
I'm on `10.10.14` .
Edit: tried on the Free server too.
Can someone that completed this box, retry it and confirm that it works? I spent a crazy amount of time on what seems to be a bug..
Edit: It works!
This final part.... its a different version but I have no idea what it actually is.... lol
Spoiler Removed
I have same problem , I try with another tools to make my shell (I use nc actually)
Spoiler Removed