Celestial hint

I’m trying to work on the privesc but people keep resetting the box :anguished:

@jatinluthra14 - Do you have a reference for a good Burp tutorial? I’m kinda new in the hacking space…

Watch ippsec’s videos; he uses it extensively, since web servers are pretty big attack surfaces.

There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.

Privesc, at least how I did it, was classic and simple; kind of a letdown given how novel (compared to other HTB boxes) the initial foothold is.

hi @mercwri - would appreciate a link to this article…

@eransh10 I won’t link it in the thread since it basically is a spoiler. But the solution to getting a reverse shell is easily found if you look at what is running and search for common exploit methods to be used against it.

So I’ve figured out what I need to do via Burp so that I get different responses, but I’m struggling with what precisely I need to change to get a foothold. I can manipulate the responses, but right now all I seem to be able to do is print different messages or get errors from the server.

I’d appreciate a nudge or helpful DM. Thanks guys!

Any hints on priv esc?

@meni0n said:
Any hints on priv esc?

Look at the user’s home and you have all that you need.

I am having a hard time getting a foothold - if someone could PM me with hints, plz.

@mercwri said:
Watch ippsec’s videos; he uses it extensively, since web servers are pretty big attack surfaces.

There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.

Privesc, at least how I did it, was classic and simple; kind of a letdown given how novel (compared to other HTB boxes) the initial foothold is.

Not sure if I am doing a spoiler, done some research.
According to your hint I may need to run some nodejs functions on my rig, then paste them inside the cookie? Am I on the right track?

“There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.”

…I follow the exact steps and I keep getting errors!!!..weird!!!

??? If it’s the one I am thinking of how??

@wh0am3y3 said:

@mercwri said:
Watch ippsec’s videos; he uses it extensively, since web servers are pretty big attack surfaces.

There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.

Privesc, at least how I did it, was classic and simple; kind of a letdown given how novel (compared to other HTB boxes) the initial foothold is.

Not sure if I am doing a spoiler, done some research.
According to your hint I may need to run some nodejs functions on my rig, then paste them inside the cookie? Am I on the right track?

You have the right article I think, but you really need to read what they are doing and find out how to use that to build a payload.

@mercwri said:

@wh0am3y3 said:

@mercwri said:
Watch ippsec’s videos; he uses it extensively, since web servers are pretty big attack surfaces.

There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.

Privesc, at least how I did it, was classic and simple; kind of a letdown given how novel (compared to other HTB boxes) the initial foothold is.

Not sure if I am doing a spoiler, done some research.
According to your hint I may need to run some nodejs functions on my rig, then paste them inside the cookie? Am I on the right track?

You have the right article I think, but you really need to read what they are doing and find out how to use that to build a payload.

Thanks a lot, tried some things but got some errors. I’ll get down on this one until I succeed :slight_smile:

Anyone use an existing exploit to get root? Can’t find much that stands out otherwise…

I need a priv esc hint. pleaassssseeee someone? I am getting more frustrated than American Pie.

Read through a few articles going over the same exploit, running into “An error occurred…invalid username type”. If I try to replace other variables, I still don’t get a reverse shell. Any nudge in the right direction would be appreciated.

@crybabycarlos said:
Read through a few articles going over the same exploit, running into “An error occurred…invalid username type”. If I try to replace other variables, I still don’t get a reverse shell. Any nudge in the right direction would be appreciated.

I am getting the exact same errors… If I wasn’t already bald I’d be pulling out my hair.

@Nutellack said:
I get the same error message but it’s working fine, I get a shell.
Did you check if your listener connects?

You get the same error and it still connects? Hmmm, I will have to go back and see if there is something I am doing wrong… Are you using nc as a listener?

I’m also having some trouble getting a foothold. I get where I have to do it, I have just tried a lot of things, and for some reason the port goes down every 5 min right now.
A hint would be appreciated, PM :anguished: