Player

Spoiler Removed

I have absolutely no idea how people guessed the right way to file in process.
If you are trying to enumerate all that you can, and then somehow combine it into a way to go, this is not that kind of machine, at least it is not for the foothold’s file in process.

Okay, need a nudge. I don’t understand what I am missing.
So, enumerated vhosts. Have a few of those found. One seems pointless as it is just JavaScript and pictures. Read through the text though. It looks like a hint that I don’t get. With two others I feel like I did everything I could, but I can’t guess the creds for the d**.er.htb and can’t find anything at stg.****er.htb. Found bak file. But I have no idea where to use the string from it.
Could somebody give me a hint? I am very confused with all of the enumeration here.

Do we need a special wordlist in order to crack the hash for the web service on d*?
UPDATE: Others said that rockyou should work for everything here at HTB. So there should be another way in, not just cracking the hash.

I’m really stuck on getting anything that the hints from the c*** vh*** are saying. I have gobustered everything and looked at everything, but just can’t see where to go next. I feel like the response from the con****.p** is telling me something but I just don’t know what to do with it. Ahhhhhhh

What could possibly be done with this uploading?
EDIT: Without knowing how uploading works, it is really hard to pick out a useful vuln from tons of strange search results.

I’ve just started exploring, however I’m having timeouts with this box on the VIP server.
Rebooted - still doesn’t work.
Is it a bug or a feature? :slight_smile:

Got some creds and now stuck at l*ll. Trying to escape but very few doors. Any hint would be appreciated.

Awesome box, just rooted, thanks so much @MrR3boot, one of the harder boxes that I’ve done but super satisfying!

@bluealder Glad that you enjoyed it :slight_smile:

Finally got root… Thank god! It was such a looong road…
But I loved this machine! Even though it was so frustrating most of the time, it also felt incredible every time you got to the next step. Loved that! Exploit for the web got me so excited, I’ve never seen such a cool vuln. Plus root was easy and fun.
Thanks big time to the @vsamiamv for all of the tips!
And thanks to the @MrR3boot for the machine!

Nice play @FatPotato

Awesome machine @MrR3boot. This was my first 40 points machine and I learned a lot. I thank @MrR3boot, @weelye, @Kucharskov for hints. User was a long way. Root was obvious and easy, though there are a few other ways for root. But I know only one.

Pm me if you need hints!

Welcome @shadyR . Good work :slight_smile:

Just AWESOME BOX @MrR3boot !!!
Most frustrating part for me was ‘bak’ file, after that it goes smoothly.
Thank you.

@s1mpl3 welcome :slight_smile:

I am wondering if the jail is a rabbit hole? Any hints?

Hard and interesting box. Thanks @MrR3boot !
PM for hints.

My GAWWWD… user took me 2 days :(. I had the ssh login successfully using the user txxxgxn, but it was a restricted shell :(. But thanks to the “vuln”, got the user immediately. Now it seems that the root isn’t far away.

EDIT:
DONE :slight_smile:

Upload is getting me to bang my head against the wall. Think I know how it works on a basic level but beyond that I can’t seem to recognize this CVE people are talking about.

Edit: Past that, got user.txt, now stuck with a sha1/md5 hash I can’t seem to crack.