easy
Look what we have here. I’m glad the bruteforce part was removed
Did anyone do user the intended way? I couldn’t find the “real” vulnerability. Would someone enlighten me? Disclaimer: I rooted the box.
Segfault is killing me! xD
I’m ashamed to say that I might need a nudge on user. I have tried everything I could think of but have been unable to crack the beverage container.
Can I have a hint on the directory? I’ve tried dirb with every wordlist I know of, on HTML and PHP, but gotten nothing.
Guys, I got the user using RCE and pe** reverse shell through bt. I didn’t use SSH, but I believe the rooting should be done with SSH, because I found it’s possible to exploit the box using MP exploitation. So I created and copied my pub keys to user dzy/.ssh/authorized_keys, which was successful, but when I try to SSH using "ssh -i id_rsa d****zy@smasher2.htb" the box is asking for the user password!! What am I missing? Can anyone give me a hint, please???
Rooted. That was fun.
Hey guys, newcomer here. I managed to get the job working but I cannot bypass the WAF, any pointers?
I can’t seem to find the URL for using the credential that I found??
@Aperture32 said:
Can I have a hint on the directory? I’ve tried dirb with every wordlist I know of, on HTML and PHP, but gotten nothing.
Same here… did you find it?
EDIT: Never mind… investigate port 53 and learn how to use dig.
@Identity404 said:
Same here… did you find it? EDIT: Never mind… investigate port 53 and learn how to use dig.
I tried dig and dnsenum and got the IP addr and domain name.
@nav1n said:
Guys, I got the user using RCE and pe** reverse shell through bt. I didn’t use SSH, but I believe the rooting should be done with SSH, because I found it’s possible to exploit the box using MP exploitation. So I created and copied my pub keys to user dzy/.ssh/authorized_keys, which was successful, but when I try to SSH using "ssh -i id_rsa d****zy@smasher2.htb" the box is asking for the user password!! What am I missing? Can anyone give me a hint, please???
That is weird, I could log in via SSH.
Rooted. I really liked this box. Learned something new.
Wrote 2 scripts for the intended route for user (or at least w-d) but the server seems to crash if I go too fast with either script. And I don’t think the “grep for c” hint helped. Am I doing it wrong? Can someone PM a hint?
I think, and I could be wrong, but the Grep For C hint was for when there was a basic auth turned on this server (which is now off I hear). You are correct there is something that will stop you from hammering this server with some requests…
Are there any creds in ***.so? It seems like I need them to progress, but nothing.
Edit: Got user, pretty interesting. Now the journey to root.
E2: Thanks to @v1p3r0u5 for sharing the root method. While I wouldn’t have found it on my own, I definitely learnt a lot from the writeups.
Just rooted this. What an amazing box! If people need help, please contact me on Discord since I don’t look here.
I will give the hints that apply to me the most.
User: don’t get stuck on reversing that file, it only gives you a limited bit of information. (in 2 parts)
Bruteforcing/guessing may be needed. I didn’t expect this from this box. Someone had to hint it to me.
Root: I had to go to the library to figure out this one.
Got root. User is good but I don’t like guessing. Root is not brainfuck at all, some unusual enumeration (thanks @menessim for initial direction) and the next step was very easy.
The first Smasher was worth a badge. I feel like this one should have been worth a badge too. Can’t wait for Smasher3. I hope that one comes with a badge.