Wall

Rooted. Thanks for the help from @Huejash0le and @verdienansein . The initial shell is tough, but root was very easy…All about enumeration! Frustrating but interesting box!

Can someone help… I am trying to send my command and I understand what the wall is doing… I just need a nudge in getting over it… PLEASE HELP!!!

Rooted! My first box on HTB- learned alot from this one. Thanks to the creator! Personally had no luck with the RCE script on its own, but if you really look into how the exploit works and the API it uses it can be done.

anyone help me please pm me

oof what a mindfuck…

so initial foothold was pretty easy. Once I had c***** the user/pass was definitely guessable without brute… my first guess was about one off :wink:

crafting the expoit took some time. The important part was getting feedback on what I was trying. Once I had that things moved quicker. Had to use some tricky phrase the likes I haven’t tried before

Root was easy as pie. Don’t fall into rabbit holes, no need to read a bunch of files like I did

overall I actually enjoyed it, learnt some different techniques as a result

Well, finally completed. This was my first box ever so everything was pretty confusing and new, but on the other hand I learned tons doing this. Thanks for everyone who shared tips on this forum, they were invaluable at points to get onwards.

Finally root , getting a RCE was clearly a pain in the A…, i didn’t reach make exploit work, i did it manually. Therefore getting a shell looks a bit random for me , I had to relaunch command twice, sometimes it did not work! why? i have no idea.
I even succeeded to get a shell just with launching a nc listener !!, probably a previous attempt that finally reach its goal 1 hours later.

hey guys
Someone willing to help me here? can’t seem to make any of the two exploits work… not even manually over gui

Finally got user and root. With the exploit I found, it dropped straight to root from www-data, so that was nice. This is my fifth box rooted at HTB and the first time I used SimpleHTTPServer. I found it very, very handy.

Hi everyone, honestly it’s driving me crazy. Yesterday I successfully got access to w**-d*** , found user folder, but I used CTRL-C which kicked me out of shell and now I can’t access it again, neither with script nor manually, even tho I get correct answer from server.

Edit: Somehow, machine doesn’t allow to connect me twice from the same port, don’t really know if it’s bug or something that I don’t understand. So If you connected, and can’t connect again, just try other ports. Hope that does not spoil anything.

Edit2: Feels, like something broken. Got inside with two different methods. Sometimes they works sometimes not. Honestly don’t know anymore what is wrong with this machine.

Is anybody getting Forbidden status code on /c******/m**.**.php ? POST request

Can somebody please tell me how to get into c*******?

What a box, frustrated at first. But actually pretty fun. I repaired the script and got in like that.
PM for hints.

Hi guys, any hints for privesc? I’m currently in w**-d***.

Hello, Can someone help me? I found the RCE for c********. but I was not able to exploit it. I tried a simple ping but no response from the machine. Please DM me to help.
I obtain in every case “you don’t have permission to access /c********/m***.. on this server.” any tip?

Type your comment> @wohax0r said:

Hello, Can someone help me? I found the RCE for c********. but I was not able to exploit it. I tried a simple ping but no response from the machine. Please DM me to help.
I obtain in every case “you don’t have permission to access /c********/m***.. on this server.” any tip?

Same here. But %20 causes the denied.
Will look again tomorrow

Can someone send me a hint on finding the credentials? I am really confused.

Hey all,

I stumbled upon an executable called Wall and thought it might be related to the box, since they have the same name and its permissions seemed interesting. I spent up to 4 hours trying to exploit it :smiley: untill I took a look at my one PC and found the same binary with the same permissions.

I couldn’t find anybody in here speaking about this binary before so I was wondering if this is related to the box or not.

Hope this is not a spoiler of some sort

Spoiler Removed

Rooted.