Cool box and real life example.
Although I had lots of problems with the correct syntax for the reverse shell, thanks @sn4k3r1tu4l for the nudge on the syntax.
Finally got root!!! It took me so looong to get user!
I’ve enumerated everything (many times)… At the end, I knew the whole environment like my pockets. Because of that, once I got user, it took me about 5 minutes to get root.
There’s everything you need on this board to get both (without any previous knowledge). Have fun
Rooted! Arguably the best machine I’ve done on HTB so far.
Really struggled with the payload. I’d love to hear from others what payload they used. I wonder if my way was the only one.
Hints:
The forum thread is very informative for HTB standard. Spoilerish sometimes. I knew what to do to move from foothold to user even before having foothold.
Foothold:
Enumerate. A lot. Look under every stone but not in a CTFy way. Just look at what the public systems offer and follow the crumbs.
When you find a vuln you’ll struggle with a payload (I know I did). Don’t fret, just take it slowly. Try simple things first, build up on them. Make sure your payload does what you think it does, test locally.
User:
Use what you already know to gain more information. You’ll even have almost-ready scripts for that
Enumerate even more with your new info
Remember: these guys (the dev team from the box) suck at security. Use their mistakes
Root:
It’s really easy, compared to the user
Find the tool, RTFM, root dance
BUT copying a command from a tutorial won’t do. Make sure you know the keys before you try to stick them into the hole
If you still have problems, PM me, I’ll try to help.
Having some issues with the payload. I tried testing it locally and that works, but even trying just a simple print statement via the post request gives me the error: an unhandled exception occurred. I’ve tried every single escape char I can think of but I still get that error. I’m using a modified python script taken from their repo in order to exploit. Any hints would be appreciated.
You are getting an exception since you are doing something the application didn’t expect.
That doesn’t mean however your payload hasn’t been executed. If you are with a payload already, try to create a reverse shell. That’s the best way to see if your approach is working or not.
I don’t know if I did this the wrong way but I never got a low priv shell, the shell I got was root right away. Is this what is meant to happen? Please pm me so we can discuss what I did without spoiling any info here. Thanks
Interesting box, the part with the reverse shell was more painful than getting everything afterwards, only because my Kali machine acted strange for some reason
Been struggling quite a lot to get the payload syntax for initial shell, would love to get some explanations about it and some help getting it fixed.
edit : nvm got it