Craft

Rooted, that was a funny box.

Thanks @rotarydrone !

Feel free to PM me for hints (user / root)

hi , i need reall help with the getting shell part as i know what i want to do but cant figure that out correctly, i will appreciate u if help me pass this step as im stuck like 10 hours

Amazing box, so many rabbit holes

Feel free to PM me if you need help

Rooted! This was a great box, thank you @rotarydrone ! It was a super realistic box (uses tech I use at work, simulates the workflows of a modern dev shop very realistically)

There are 0 exploits needed for this, apart from the initial foothold. Also 0 guessing. This box is all about enumeration. Once you know where to look, the path from there is straightforward!

I have a initial shell but having trouble editing files or anything so I can access the de using creds from ss.py, and the usual python command to get a more stable shell isn’t working for me. Any help?

E: nm, didn’t look at shells enough

Rooted! Very fun box

root@craft:~# cat root.txt
Very good box.

Hi Everyone
Great machine so far, finally rooted.
But still have some questions opened.

Does someone reach to bruteforce SSH Key?

Can somebody explain me why I can make a git clone through ssh but cannot reuse key to access ssh ? ssh is getting completely stuck?

Thx for your answer guys , enjoie.

One of the most interesting boxes in my six weeks on hackthebox.

Thankyou @rotarydrone for having put this together. Really interesting.

Thank you @w4x for help with craft.htb! Now going for user and root)

I really need some help with this box. having a hard time just getting started.

Nice box !!! Enjoyed lot , Also learned lot of things and i got know new technologies.

Thank you so much who are helped me with this box @GPLO and @crankyyash

anyone willing to point me in the right direction Found creds but not sure how to use them

Thanks for your time!

Could use help on crafting the payload. Got t****, tried five different payloads(That work locally) with lots of different escaping… nothing pops a reverse shell

Rooted. Nice Box:)

Rooted !

Very nice box, I love it.

If need help you can ask on pm.

Rooted! Feel free to contact me for hints :slight_smile:

Greate box had a lot of fun solving it, also learned alot of new stuff :slight_smile:
root@craft:~# wc -m root.txt
33 root.txt

Last login: Fri Nov 22 04:11:15 2019 from 10.10.10.110
root@craft:~# ls
root.txt
fun box, good for my python knowledge.

still, all the hacking i did was on a windows 7 machine :slight_smile:

My reverse shell will not run mySQL commands. Can sometime tell me if my reverse shell is inadequate?

what about using php to query db? :slight_smile: