Celestial hint

??? If it’s the one I am thinking of how??

@wh0am3y3 said:

@mercwri said:
Watch ippsec’s videos he uses it extensively since web servers are pretty big attack surfaces.

There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.

Privesc, at least how I did it, was classic and simple, kind of a letdown with how novel (compared to other HTB boxes) the initial foothold is.

Not sure if I am doing a spoiler, done some research.
According to your hint I may need to run some nodejs functions on my rig, then paste them inside the cookie? Am I on the right track?

You have the right article I think, but you really need to read what they are doing and find out how to use that to build a payload.

@mercwri said:

@wh0am3y3 said:

@mercwri said:
Watch ippsec’s videos he uses it extensively since web servers are pretty big attack surfaces.

There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.

Privesc, at least how I did it, was classic and simple, kind of a letdown with how novel (compared to other HTB boxes) the initial foothold is.

Not sure if I am doing a spoiler, done some research.
According to your hint I may need to run some nodejs functions on my rig, then paste them inside the cookie? Am I on the right track?

You have the right article I think, but you really need to read what they are doing and find out how to use that to build a payload.

Thanks a lot, tried some things but got some errors. I’ll get down on this one until I succeed :slight_smile:

Anyone use an existing exploit to get root? Can’t find much that stands out otherwise…

I need a priv esc hint. pleaassssseeee someone? I am getting more frustrated than American Pie.

Read through a few articles going over the same exploit, running into “An error occurred…invalid username type”. If I try to replace other variables, I still don’t get a reverse shell. Any nudge in the right direction would be appreciated.

@crybabycarlos said:
Read through a few articles going over the same exploit, running into “An error occurred…invalid username type”. If I try to replace other variables, I still don’t get a reverse shell. Any nudge in the right direction would be appreciated.

I am getting the exact same errors… If I wasn’t already bald I’d be pulling out my hair

@Nutellack said:
Get same error message but it’s working fine, I get a shell.
Did you control if your listener connects?

You get the same error and it still connects? Hmmm, I will have to go back and see if there is something I am doing wrong… Are you using nc as a listener?

I’m also having some trouble getting a foothold. I get where I have to do it, I have just tried a lot of things, and for some reason the port goes down every 5 min right now.
A hint would be appreciated, PM :anguished:

Just got the user flag. The biggest hint I could give is that there is an article and video on the internet that pretty much walks you through it. Enumerate the services and start looking for juicy articles on them.

Is anyone having issues with this box? It keeps going down like every minute or so

Do I need to install Node.js in my Kali Linux in order to get a shell?

@Pratik said:
Do I need to install Node.js in my Kali Linux in order to get a shell?

No. You are on the ‘receiving’ end of the connection

So I did get root… but felt I complicated it and have no idea how it worked. Can someone DM me, or can I DM someone who got root, to discuss and exchange ideas? Thanks

any hints for privesc? thnx

No need :slight_smile:
PS: pretty easy

I think I found the vector through which I should be able to get it. The problem is every time I try running my exploit, I crash the service (I get disconnected w/o any apparent reason, and I can’t hit the relevant port until the machine is reset).
Has anyone encountered anything similar?

@uck084 don’t overthink it. The pieces you need to see are right in front of you. Keep an eye on the clock.

Can someone PM me for some research materials on this one… I have the burp information and the base64 stuff, been playing around and getting error messages etc… I think I’m on the right track but not sure what I’m meant to be looking at next… What am I meant to be researching here… I can explain further in PMs to avoid spoilers…

Guys, can you help me on priv esc?