Celestial hint

So do I … I’m stuck. Hints are welcome.

search about the running service

I’m trying the exploit but I just keep getting a connection reset in Burp. Not sure what’s wrong. Followed the instructions.

Ok - first - this may be a spoiler so take it into consideration.
Now - I managed (using Burp Suite) to find the following: "username":"","country":"","city":"","num":"
Question is - where do I enter this username and these creds?

@eransh10 They might not be needed. See what else you can change with Burp.

Anyone on privesc?

I’m trying to work on the privesc but people keep resetting the box :anguished:

@jatinluthra14 - Do you have a reference to a good Burp tutorial? I’m kinda new in the hacking space …

Watch ippsec’s videos; he uses it extensively, since web servers are pretty big attack surfaces.

There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.

Privesc, at least how I did it, was classic and simple, kind of a letdown with how novel (compared to other HTB boxes) the initial foothold is.

hi @mercwri - would appreciate a link to this article…

@eransh10 I won’t link it in the thread since it basically is a spoiler. But the solution to getting a reverse shell is easily found if you look at what is running and search for common exploit methods to be used against it.

So I’ve figured out what I need to do via Burp so that I get different responses, but I’m struggling with what precisely I need to change to get a foothold. I can manipulate the responses but right now all I seem to be able to do is print different messages or get errors from the server.

I’d appreciate a nudge or helpful DM. Thanks guys!

Any hints on priv esc?

@meni0n said:
Any hints on priv esc?

Look at the user’s home and you have all you need.

I am having a hard time getting a foothold - if someone could PM me with hints, please.

@mercwri said:
Watch ippsec’s videos; he uses it extensively, since web servers are pretty big attack surfaces.

There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.

Privesc, at least how I did it, was classic and simple, kind of a letdown with how novel (compared to other HTB boxes) the initial foothold is.

Not sure if I am doing a spoiler, done some research.
According to your hint I may need to run some Node.js functions on my rig, then paste them inside the cookie? Am I on the right track?

“There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.”

…I follow the exact steps and I keep getting errors!!!..weird!!!

??? If it’s the one I am thinking of how??

@wh0am3y3 said:

@mercwri said:
Watch ippsec’s videos; he uses it extensively, since web servers are pretty big attack surfaces.

There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.

Privesc, at least how I did it, was classic and simple, kind of a letdown with how novel (compared to other HTB boxes) the initial foothold is.

Not sure if I am doing a spoiler, done some research.
According to your hint I may need to run some Node.js functions on my rig, then paste them inside the cookie? Am I on the right track?

You have the right article I think, but you really need to read what they are doing and find out how to use that to build a payload.

@mercwri said:

@wh0am3y3 said:

@mercwri said:
Watch ippsec’s videos; he uses it extensively, since web servers are pretty big attack surfaces.

There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.

Privesc, at least how I did it, was classic and simple, kind of a letdown with how novel (compared to other HTB boxes) the initial foothold is.

Not sure if I am doing a spoiler, done some research.
According to your hint I may need to run some Node.js functions on my rig, then paste them inside the cookie? Am I on the right track?

You have the right article I think, but you really need to read what they are doing and find out how to use that to build a payload.

Thanks a lot, tried some things but got some errors. I’ll get down on this one until I succeed :slight_smile: