Wall

Hey guys, any hints for the first access? I wrote a script to bruteforce c****** API, but still not finding the password.

Rooted the box. Thanks @donkeysnore for help.
DM me if you want help on the box

Such a nice box. Nudge me for any help.

Spoiler Removed

Hey,
Can someone give me a clue about login credentials of c******* page?

Hi, I need some help on the brute force of the credentials. Not very sure on what parameter to put.

Hey!

I’ve been banging my head against a wall (■■■■) for what feels like forever now. I managed to get into C******* with little to no problems, and I’m using the CVE script to try to get RCE working. I’ve modified it to show more info about the requests and responses and everything I try seems to land me with a 403. I know it has to do with some sort of character/word blacklist but it’s completely eluding me at this point.

Would someone be willing to DM me to help me understand this better?
Thank you!

Same situation as @110Percent. I am starting to think my creds are not correct… in fact, I’ve noticed that despite changing usernames, there is 1 password that always gives me the same response… help!

Well, this is quite a headache. Almost cracked the screen getting root. Got the root.txt and user.txt but the two flags (1…7, f…6) are not accepted. Back to the drawing board, I reckon…

Edit: Nvm, they are now. Cool box.

Hi All, I can manage to get 2 types of shells on the box but my listener isn’t outputting anything. Can anyone help with a nudge in the right direction?

Edit: Never mind, I’m in.

@D4yz said:

> Same situation as @110Percent. I am starting to think my creds are not correct… in fact, I’ve noticed that despite changing usernames, there is 1 password that always gives me the same response… help!

I’m certain my creds are correct, as I get 200s when I try to use commands that aren’t blacklisted by whatever’s getting in my way. I’ll pound away at it some more, but I’m still scratching my head trying to figure out how I can circumvent it.

Rooted! Thanks for the help :slight_smile:

Rooted. Thanks for the help from @Huejash0le and @verdienansein. The initial shell is tough, but root was very easy… All about enumeration! Frustrating but interesting box!

Can someone help… I am trying to send my command and I understand what the wall is doing… I just need a nudge in getting over it… PLEASE HELP!!!

Rooted! My first box on HTB, learned a lot from this one. Thanks to the creator! Personally had no luck with the RCE script on its own, but if you really look into how the exploit works and the API it uses it can be done.

Anyone help me, please PM me.

oof what a mindfuck…

So initial foothold was pretty easy. Once I had c***** the user/pass was definitely guessable without brute… my first guess was about one off :wink:

Crafting the exploit took some time. The important part was getting feedback on what I was trying. Once I had that, things moved quicker. Had to use some tricky phrase the likes of which I haven’t tried before.

Root was easy as pie. Don’t fall into rabbit holes, no need to read a bunch of files like I did.

Overall I actually enjoyed it, learnt some different techniques as a result.

Well, finally completed. This was my first box ever so everything was pretty confusing and new, but on the other hand I learned tons doing this. Thanks to everyone who shared tips on this forum, they were invaluable at points to get onwards.

Finally root, getting an RCE was clearly a pain in the A…, I didn’t manage to make the exploit work, I did it manually. Therefore getting a shell looks a bit random to me, I had to relaunch the command twice, sometimes it did not work! Why? I have no idea.
I even succeeded in getting a shell just by launching a nc listener!! Probably a previous attempt that finally reached its goal 1 hour later.

Hey guys,
Someone willing to help me here? Can’t seem to make any of the two exploits work… not even manually over GUI.