Traverxec

anybody found a way to use creds? or just a simple rabbit hole?

God these creds for the user d***d but they seem to be useless

Type your comment> @minimal0 said:

I am not totally convinced it is the DDOS exploit which crashes the server.
I am on VIP and tried as soon as the box was release with nmap sT 10.10.10.165 and port 80 was closed.
After two reset, still closed.
So i am not totally convinced it is just the DDOS.

It was open for me though. Its weird hmmm

The port 80 being closed problem should be resolved. And don’t ever DoS on htb.

Type your comment> @Gboxx said:

Type your comment> @Shad0wQu35t said:

Type your comment> @Gboxx said:

I get User DD and Password N****e, ssh locally not working, su not working, any suggestions ?

thats the thing… don hv any login page too in the website

I think these credentials are troll :frowning:

No, they aren’t. Try harder

Type your comment> @olsv said:

Type your comment> @Gboxx said:

Type your comment> @Shad0wQu35t said:

Type your comment> @Gboxx said:

I get User DD and Password N****e, ssh locally not working, su not working, any suggestions ?

thats the thing… don hv any login page too in the website

I think these credentials are troll :frowning:

No, they aren’t. Try harder

Did you ever use them? If so, I am curious about that. I rooted it without ever using those credentials.

Type your comment> @trollzorftw said:

Type your comment> @olsv said:

Type your comment> @Gboxx said:

Type your comment> @Shad0wQu35t said:

Type your comment> @Gboxx said:

I get User DD and Password N****e, ssh locally not working, su not working, any suggestions ?

thats the thing… don hv any login page too in the website

I think these credentials are troll :frowning:

No, they aren’t. Try harder

Did you ever use them? If so, I am curious about that. I rooted it without ever using those credentials.

Yep. They eventually lead to D…

got user, root is hard, i’m still enumerating

Can I get a hint about how to start user without port 80 open?

Spoiler Removed

Got foothold and the credentials for the user, cant ssh or su to the user using the cracked credentials. Any hint on this one on how to escalate to user?

Type your comment> @casey said:

Got foothold and the credentials for the user, cant ssh or su to the user using the cracked credentials. Any hint on this one on how to escalate to user?

same here

Got initial shell, haven’t found any creds, any hints?

Type your comment> @Shad0wQu35t said:

Type your comment> @rholas said:

Can I get a hint about how to start user without port 80 open?

u need port 80 open in order to exploit into the system. the issue should be resolved now

But port 80 is still closed, tried reset but not worked

Type your comment> @Ma1ware said:

Got initial shell, haven’t found any creds, any hints?

try look for the folder used for html

got initial shell and found da*** credential, but unable to use su and ssh into da***. is that a rabbit hole?

Do we need the .hta***** file for getting user ?

I found creds but not worked, but found something in n…co… and open a new page

Stuck with found creds too…

@OMYT said:

Stuck with found creds too…

same here xD