Reset the box, still not working - either some dude is hammering the register with a script to secure his own access or something broke... Does it still work for you guys?
Bear in mind, everyone who attacks the box will (eventually) change the password so your password won't work.
If you've left it for any period of time, or the box has reset, you need to re-exploit the first bit again.
That's what I was talking about. I tried to renew the admin password all morning, same way as yesterday. Reset the box twice. It worked zero times. I was quite quick, 2 max seconds between registering and login in. Like I said, something broke or someone used a script to constantly change the password back. Super annyoing, I only have limited time windows for HTB.
Ok, so now i'm at the point where i found a pub and private key, but they say they're the wrong format?? i think the pub is too short, trying different editors to see the whole key....
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Rooted ! Challenging box. I don't want to spoil, so this is the helpful comments in my opinion:
User part1: Last comment of @embranco on page 4.
User part2: Discussion of @lucaswebb24 and @TazWake on page 8.
User part 2.1: Comment of @syn4ps on page 5.
Happy when I found out same old exploit worked all the time, just other users got in the way....
But: I got the private key, unable to get it into the right format, tried various bash tools and graphics design software to extract the text from PDF - invalid format. The key looks good otherwise, header and footer intact.
Happy when I found out same old exploit worked all the time, just other users got in the way....
But: I got the private key, unable to get it into the right format, tried various bash tools and graphics design software to extract the text from PDF - invalid format. The key looks good otherwise, header and footer intact.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Happy when I found out same old exploit worked all the time, just other users got in the way....
But: I got the private key, unable to get it into the right format, tried various bash tools and graphics design software to extract the text from PDF - invalid format. The key looks good otherwise, header and footer intact.
The page width might be cutting off bits.
Yes I noticed that right away. That why I tried multiple tools, but linebraks and blank spaces are messed up. Which tool did you use? I tried pdf2text and Affinity Photo, Okular & Foxit PDF
Happy when I found out same old exploit worked all the time, just other users got in the way....
But: I got the private key, unable to get it into the right format, tried various bash tools and graphics design software to extract the text from PDF - invalid format. The key looks good otherwise, header and footer intact.
The page width might be cutting off bits.
Yes I noticed that right away. That why I tried multiple tools, but linebraks and blank spaces are messed up. Which tool did you use? I tried pdf2text and Affinity Photo, Okular & Foxit PDF
you dont need any software for that..... <"pre+...................
Struggling with root, been looking for odd services all day, nothing is sticking out like a sore thumb
Is there something in the home folder which you wouldn't expect to see? is it related to a running service? If you have the ability to write to the thing in the folder and the service is running, there is an attack you can try.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
can somebody plz point me to something i can read on the foothold? I dont understand the hints and can't think of anything i can do to the login/registration =(
Thanks @MrR3boot
User was a apinful fun that took hours.
Root was straight even if diffcult to trigger on free server cause many people working at the same time
Happy when I found out same old exploit worked all the time, just other users got in the way....
But: I got the private key, unable to get it into the right format, tried various bash tools and graphics design software to extract the text from PDF - invalid format. The key looks good otherwise, header and footer intact.
The page width might be cutting off bits.
Yes I noticed that right away. That why I tried multiple tools, but linebraks and blank spaces are messed up. Which tool did you use? I tried pdf2text and Affinity Photo, Okular & Foxit PDF
you dont need any software for that..... <"pre+...................
I think it would be better to change the font size
Hi guys! I am trying to login in the admin panel, but I can't understand what I am missing. Can you please help me, send me some message or something like that?
Thank you so much!
Comments
Server are too slow
can i ask something regarding to root? im waiting lets say for ever, for the l....... r.....e to get shell , its normal??
Type your comment> @TazWake said:
That's what I was talking about. I tried to renew the admin password all morning, same way as yesterday. Reset the box twice. It worked zero times. I was quite quick, 2 max seconds between registering and login in. Like I said, something broke or someone used a script to constantly change the password back. Super annyoing, I only have limited time windows for HTB.
Not sure if it's working again or I'm too stupid....
Ok, so now i'm at the point where i found a pub and private key, but they say they're the wrong format?? i think the pub is too short, trying different editors to see the whole key....
Found the full public key, still wont work.....
Type your comment> @lucaswebb24 said:
the pub key of course don't work.....
I could need some help for root. I don't notice anything unusual, what should I be looking for?
@kalitkd said:
No. You may need to edit the target file.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Spoiler Removed
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Rooted ! Challenging box. I don't want to spoil, so this is the helpful comments in my opinion:
User part1: Last comment of @embranco on page 4.
User part2: Discussion of @lucaswebb24 and @TazWake on page 8.
User part 2.1: Comment of @syn4ps on page 5.
Root: Comment of @zaphoxx page 5.
PM for help!
Please stop DOSing the machine. It's not gonna get you anywhere and you're ruining the experience for everyone.
edit: Totally unusable. Other boxes work fine. Gonna do something else and hopefully the person doing this will reevaluate his actions.
Yesterday someone constantly deleted my user / admin accounts while I tried to work out the exploit. Please stop it, it's not funny.
And this
afther two days rotating my head with the root process......
[email protected]:~# id
id
uid=0(root) gid=0(root) groups=0(root)
[email protected]:~#
[email protected]:~# cat root.txt
cat root.txt
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[email protected]:~#
Happy when I found out same old exploit worked all the time, just other users got in the way....
But: I got the private key, unable to get it into the right format, tried various bash tools and graphics design software to extract the text from PDF - invalid format. The key looks good otherwise, header and footer intact.
@sparkla said:
The page width might be cutting off bits.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Type your comment> @TazWake said:
Yes I noticed that right away. That why I tried multiple tools, but linebraks and blank spaces are messed up. Which tool did you use? I tried pdf2text and Affinity Photo, Okular & Foxit PDF
got user. Thanks for all the hints!
Type your comment> @sparkla said:
you dont need any software for that..... <"pre+...................
Struggling with root, been looking for odd services all day, nothing is sticking out like a sore thumb
Removed
@lucaswebb24 said:
Is there something in the home folder which you wouldn't expect to see? is it related to a running service? If you have the ability to write to the thing in the folder and the service is running, there is an attack you can try.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
can somebody plz point me to something i can read on the foothold? I dont understand the hints and can't think of anything i can do to the login/registration =(
Thanks @MrR3boot
User was a apinful fun that took hours.
Root was straight even if diffcult to trigger on free server cause many people working at the same time
> If you google for that word plus exploit github the best link is likely to be in the top 5
On point!
Really simple exploit, works like a charm!
```
[email protected]:~# sha256sum root.txt
fc8eefa1739404b6182211c83b3840349668521d7a21129b20fd56ae7652a5a7 root.txt
```
Overall one of the best boxes lately. Would have liked to leave some nudges but HTB WAF blocks me now for regular text. No idea...
Type your comment> @kalitkd said:
I think it would be better to change the font size
Alright, rooted! Good one. PM me for help if you get stuck.
Hi guys! I am trying to login in the admin panel, but I can't understand what I am missing. Can you please help me, send me some message or something like that?
Thank you so much!