Registry

I think I got user the not intended way, I was able to ssh in with what I pulled from the blobs, then reseted the box because it was giving me issues and now I can’t ssh :neutral:

EDIT: Disregard - it was the intended way, I had a typo :blush:

Type your comment> @nando740 said:

An “x509: certificate signed by unknown authority” error indicates I’m on the right track?

The certificate will give you a clue about what website to visit

Type your comment> @gu4r15m0 said:

Type your comment> @nando740 said:

An “x509: certificate signed by unknown authority” error indicates I’m on the right track?

The certificate will give you a clue about what website to visit

I visited 2 API from the registry. The above error is when trying to d*** ln or d** p***.

@nando740 said:

I visited 2 API from the registry. The above error is when trying to d*** ln or d** p***.

The certificate error/warning is irrelevant, it is expected as the certificates are self-signed
Are you using wget to download something? try –no-check-certificate
If you are using curl, try -k

Type your comment> @gu4r15m0 said:

@nando740 said:

I visited 2 API from the registry. The above error is when trying to d*** ln or d** p***.

The certificate error/warning is irrelevant, it is expected as the certificates are self-signed
Are you using wget to download something? try –no-check-certificate
If you are using curl, try -k

I can download things. But trying to pull from the registry with d***** p***, always gives that error. Same for login to the registry with d***** l****.

Are the files I upload suppose to disappear? Can’t find a way around it :neutral:
Any nudges?

Type your comment> @gu4r15m0 said:

Are the files I upload suppose to disappear? Can’t find a way around it :neutral:
Any nudges?

Yea, gotta be fast.

Finally rooted. Thx for this cool box!

Solved my problem. Got user. On to root.

Does any1 have some FAIR documentation how the f* the r***** works? I cannot set up my server :S

Stuck on a login page for the c*s. :confused:

Done!

Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-65-generic x86_64)

  System information as of Tue Mar 10 05:37:54 UTC 2020

  System load:  0.0               Users logged in:                1
  Usage of /:   5.6% of 61.80GB   IP address for eth0:            10.10.10.159
  Memory usage: 23%               IP address for br-1bad9bd75d17: 172.18.0.1
  Swap usage:   0%                IP address for d----0:         172.17.0.1
  Processes:    159
Last login: Tue Mar 10 05:37:27 2020 from 10.10.14.36
root@bolt:~# sha256sum root.txt
029b18b4c0e2194ef4be039b9e362d32522a5b8ab5141af4487293e338d763fe  root.txt
root@bolt:~#

Great box, love it! Thank @deluqs 's help

I am stuck with the first user. I was able to s** in as b***. I found the login page but I can’t find login info. I tried a few basic username/password combos. Am I supposed to find it from /v**/w**? I found a few things but I am stuck.

Any help?

Any hints on finding creds for the login page?

Type your comment> @nando740 said:

Any hints on finding creds for the login page?

Explore the web server directory where you would find files associated with the web app. There will be a file of interest. :slight_smile:

Type your comment> @nando740 said:

Any hints on finding creds for the login page?

Think about where do webapps usually store creds, and look for that between the folders you can read.

Thanks. Had already thoroughly explored those dirs, but did not think about explore that file in so raw way. Had tried its utility (not present in the system).

Can concentrate on the vector now. A lot of RTFM of that r****c thing ahead. :frowning:

And rooted :blush:

Pulled hair on finding creds to the app (respects given to the helpers), but after that, the service manual solved the rest.

Type your comment> @grav3m1ndbyte said:

Not like this box is hard or easy or whatever, but most of the things I’ve found through the initial foothold has led me nowhere or to what looks to be a deadend, and…I’m confused to be quite honest. Can someone help out? If so, PM me.

Rooted! Got stuck a couple of times because I was overthinking it and in one instance I did not think outside the box when trying to approach some things. The box is not as hard as it first might look like.

If you have never used the technologies present on this box, be prepared to spend several days reading documentation, trying some things, failing miserably, and trying something else. However, this is the point. If you do not spend the time to understand how things work, then all you have is a little trophy in your HTB trophy case. Maybe that is enough for some.

I know that some have mentioned you can do everything you need locally on the machine but I was not that lucky. I needed to host a server on the last step, which worked like a champ (again after reading documentation, trying some things, failing miserably, and trying something else). If you have the root directory, you have the root shell.

Happy to help anyone who needs a nudge. Send me a DM. Let me know where you are stuck and not just “I tried a bunch of stuff and nothing worked”.