OpenAdmin

Type your comment> @neoconfig said:

Hey, can someone help me, I crashed, I can’t climb privileges on the machine, can someone give me a hand or any tips?

you mean from user->root? there is no way to give hints without completely spoiling it. enumerate as usual and afterwards you will need gtfobins.

@neoconfig said:
Hey, can someone help me, I crashed, I can’t climb privileges on the machine, can someone give me a hand or any tips?

@yeezybusta said:
Type your comment> @neoconfig said:

Hey, can someone help me, I crashed, I can’t climb privileges on the machine, can someone give me a hand or any tips?

you mean from user->root? there is no way to give hints without completely spoiling it. enumerate as usual and afterwards you will need gtfobins.

this is the problem, i don’t know how i can enumerate, what are the sensitive files, or where are the passwords, i started now, and i don’t know the way :cc

Type your comment> @neoconfig said:

@neoconfig said:
Hey, can someone help me, I crashed, I can’t climb privileges on the machine, can someone give me a hand or any tips?

@yeezybusta said:
Type your comment> @neoconfig said:

Hey, can someone help me, I crashed, I can’t climb privileges on the machine, can someone give me a hand or any tips?

you mean from user->root? there is no way to give hints without completely spoiling it. enumerate as usual and afterwards you will need gtfobins.

this is the problem, i don’t know how i can enumerate, what are the sensitive files, or where are the passwords, i started now, and i don’t know the way :cc

search all files on the system for strings that you think would be important to find. ie: user, password, authenticate, usernames, etc

rooted. All you need is basic enumeration skills and google.
A straight and easy but fun box. Thank you the creator.

Much fun :thumbsup:
All good hints were already put here, but if you still need help - PM me!

Type your comment> @up2nogood said:

yea… idk … I’ve read every line of every file you can get to in the www dir… there is no creds to be found.

maybe there’s more than one “www” dir …

Type your comment> @SaltEngineer said:

I grabbed user.txt, but I’m struggling to find anything useful since the password I’ve got only gets me into ssh on j****a. Anyone able to point me in a good direction on gtfo? Everything I’ve checked has asked for creds.

Its very hard to do without it being a too-obvious spoiler.

I would suggest checking what your account is allowed to do, possibly by running as a different user, and then searching for ways to exploit that particular command.

Type your comment> @LMAY75 said:

Need help editing the script for the 47**1RCE

It shouldnt need any changing - you can invoke it with a string saying where you want to attack.

Spoiler Removed

Easiest machine that has been released on HTB in quite a while. In truth, I’m thankful – I think it’s very beneficial for the newcomers, even though some of the more seasoned users likely finished this very quickly. Even though I can’t really say I learned anything, I still enjoyed doing this box; it was a nice change of pace for once.

Foothold: CVE. No modification required.

User: All I needed was grep and curl.

Root: GTFObins.

Type your comment> @farbs said:

Easiest machine that has been released on HTB in quite a while. In truth, I’m thankful – I think it’s very beneficial for the newcomers, even though some of the more seasoned users likely finished this very quickly. Even though I can’t really say I learned anything, I still enjoyed doing this box; it was a nice change of pace for once.

100% agree. It is nice to get a broader mix of difficulties and effort required.

I enjoyed this box. If I wasn’t rubbish, I’d try to build boxes like this to submit.

Anybody else get an unresponsive $ shell when running the exploit? I took off --silent and it showed this…

$ id
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 397 100 271 100 126 108 50 0:00:02 0:00:02 --:–:-- 159
$

Great box. Learned something new.
Thanks to @1xWiZARD for the nudge

Type your comment> @LMAY75 said:

Anybody else get an unresponsive $ shell when running the exploit? I took off --silent and it showed this…

$ id
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 397 100 271 100 126 108 50 0:00:02 0:00:02 --:–:-- 159
$

That could be saying the server is running out of resources but if it’s on Free its probably reset every few minutes anyway.

Also double-check you are providing the correct remote address to the script.

Guys, can someone help me?

I just got a low privilege shell and then following the tips here I find a user o*****s and a password. But they do not seem to fit in anywhere. Can you guys point me in the right direction?

Thankyou.

Rooted.
Refreshing after weeks spent on insane machines.
Pretty fun even if easy.

I would say everything you need has been posted in here. Maybe a little hint to move from user1 to user2: have a look at the configuration files…

Type your comment> @nuxmorpheus01 said:

Guys, can someone help me?

I just got a low privilege shell and then following the tips here I find a user o*****s and a password. But they do not seem to fit in anywhere. Can you guys point me in the right direction?

Thankyou.

I am not sure what user account you have - it doesn’t look like one I found.

However, if you have the ability to execute remote commands on the server, make sure you fully investigate everything you can see. Start off with files and folders by where you landed before you look into the broader filesystem.

Hello, I am trying to use find / grep to find some password that gives me access to the first user, so far I can’t find anything, am I on the right track? thanks…

Type your comment> @TazWake said:

Type your comment> @nuxmorpheus01 said:

Guys, can someone help me?

I just got a low privilege shell and then following the tips here I find a user o*****s and a password. But they do not seem to fit in anywhere. Can you guys point me in the right direction?

Thankyou.

I am not sure what user account you have - it doesn’t look like one I found.

However, if you have the ability to execute remote commands on the server, make sure you fully investigate everything you can see. Start off with files and folders by where you landed before you look into the broader filesystem.

It was a database user. I think I looked at all the subfolders of the application.

Can someone send me how to use the .sh please.