Registry

Any hints on finding creds for the login page?

Type your comment> @nando740 said:

Any hints on finding creds for the login page?

Explore the web server directory where you would find files associated with the web app. There will be a file of interest. :slight_smile:

Type your comment> @nando740 said:

Any hints on finding creds for the login page?

Think about where do webapps usually store creds, and look for that between the folders you can read.

Thanks. Had already thoroughly explored those dirs, but did not think about explore that file in so raw way. Had tried its utility (not present in the system).

Can concentrate on the vector now. A lot of RTFM of that r****c thing ahead. :frowning:

And rooted :blush:

Pulled hair on finding creds to the app (respects given to the helpers), but after that, the service manual solved the rest.

Type your comment> @grav3m1ndbyte said:

Not like this box is hard or easy or whatever, but most of the things I’ve found through the initial foothold has led me nowhere or to what looks to be a deadend, and…I’m confused to be quite honest. Can someone help out? If so, PM me.

Rooted! Got stuck a couple of times because I was overthinking it and in one instance I did not think outside the box when trying to approach some things. The box is not as hard as it first might look like.

If you have never used the technologies present on this box, be prepared to spend several days reading documentation, trying some things, failing miserably, and trying something else. However, this is the point. If you do not spend the time to understand how things work, then all you have is a little trophy in your HTB trophy case. Maybe that is enough for some.

I know that some have mentioned you can do everything you need locally on the machine but I was not that lucky. I needed to host a server on the last step, which worked like a champ (again after reading documentation, trying some things, failing miserably, and trying something else). If you have the root directory, you have the root shell.

Happy to help anyone who needs a nudge. Send me a DM. Let me know where you are stuck and not just “I tried a bunch of stuff and nothing worked”.

Well that was a challenge and then some. Thanks to all who have left cryptic hints on here, even though I found them as frustrating as the box itself at times. Lots of stuff learnt in the process of getting this box and probably the most satisfying root prompt I’ve ever got.

Hi all,
I am currently on user b***. Can’t seem to find a way to get my reverse shell to work as it keeps timing out. Looks like outbound connections are blocked or something. Can someone give me a tip on how to work around this? What am I missing/do I need another approach?

update: figured it out

Stuck at the foothold from much time, the d****.r****y.h not showing any kind of results.
If anyone could give a direction it’ll be appreciated

Great box @thek !! Very hard root for me!

Rooted
PM for help :slight_smile:

Hi, I pulled b***-i****, used top/top creds and enum. no idea. found not too much except ~/.s** folder with config and keys. Tried playing with s** -i login but nope, nothing has worked :confused:

Can anyone put me on the right track, please? I have been hitting the wall for a few days.
Help will be greatly respected and appreciated.

Very very good box, enjoyed it a lot end to end. Thanks @thek, my favorite linux box so far!

Super fun and challenging box with a variety of exercises, much appreciation @thek! Did anyone succeed in getting a root shell? Or getting root flag in a serverless manner?

My advice:
Gaining a foothold: Look around until you find a weird response, encoded inside it there is a hint pointing to a useful sub. Learn about that technology and think about the box name to figure out how to use the sub – think lazy for auth (thanks @reverse1!!). Sniff around in your new environment until you’ve found to find a useful config, it’s a little dusty but probably still works just fine.

U1 → U2: Try to establish a strong web presence with info you extract using U1 powers.

U1 → root: Think about a super awesome Linux privesc technique and find out what you can do. Looks like you can trick Midas into moving his gold to a location of your choice, which seems fantastic until you realise you don’t have the ability to see them! ? Just when you’re nearing tears because you can’t see the results of your effort, remind yourself you’re still a 1337 hax0r, and probably just need a nap. After you curl up and get some rest, (with complete disregard for your safety given your position in the enemy’s lair), you’ll find the answers come to you in a restful dream – seems like restrictions don’t transfer into the sleep realm.

Happy to help if if anyone needs a nudge on this amazing box!

I’ve been spending hours now, escalated to user2, but stuck on root… Don’t know where to ‘rest’ my hands… Any nudges will be gratefull! :dizzy:

Edit: Rooted. I didn’t consider the traditional methods of FT. :wink:

Hi folks,
Anyone have a nudge about user2? I m logged on the c*s, got the webshell but cannot have a bind or reverse shell witj the cat. Any nudges would be really welcomed
Thanks a lot.

Rooted! Great box, although root gave me some pain. Many times I got stuck at little things, but learned a lot!

Can someone please help me with box? I’m trying to get the server binary to b*** user machine but seems like the the file is too big or something to be transferred?

root@bolt:~# whoami
root
root@bolt:~# id
uid=0(root) gid=0(root) groups=0(root)

Finally after banging my Head for so long ! One of the best box that I’ve done so far !
Hints :- Enumerate , read the docs !
PM for nudges !