Hm bit early for hints as the machine have only been up a day…
@shellyhx said:
Hm bit early for hints as the machine have only been up a day…
well i’m trying to compromise for ~10h already
Very nice machine. Just started and have the footprint. The question is how to exploit this because I never played with this “stuff”. Some research will be needed.
For developers it should be a piece of cake, but I’m unfortunately not a developer.
No need to be a developer to exploit this bad configuration. Google for it, there are exploits listed on the first page, the Chinese paper is great. I am stuck a little bit further with a password, a remote (outside htb) cache of data I can’t access/exploit without knowing host_id value…
I have shell, but cannot find user.txt. Did you manage to get it?
@cgrenier said:
No need to be a developer to exploit this bad configuration. Google for it, there are exploits listed on the first page, the Chinese paper is great. I am stuck a little bit further with a password, a remote (outside htb) cache of data I can’t access/exploit without knowing host_id value…
If you have enumerated for 10 hours and haven’t found anything, the hint you are looking for is probably this: PAY ATTENTION.
I found what i needed, right now having new problems again c:
got root, that was exciting
i found an exploit from 2000 but its not working
Hi. I found that stuff about bad development config, but when I try to use it, the server communicates with my machine, but then sends a rst packet. Is this part of the challenge, or is there something wrong with my machine?
I’m from Brazil, and this bad development config has a connection timeout that is not big enough for the connection to succeed. I just changed my vpn from europe to usa and everything worked as expected.
@lehrling said:
I’m from Brazil, and this bad development config has a connection timeout that is not big enough for the connection to succeed. I just changed my vpn from europe to usa and everything worked as expected.
Yes, I know your pain.
Any idea on how to get a tty on this machine?!?
@Mefistogr said:
Any idea on how to get a tty on this machine?!?
look closely onto web
agreed, timeouts have been killing me lol
This machine is driving me crazy. I’ve run multiple recon tools but I can’t get anything useful to get the initial foothold. If someone wants to help me, I would really appreciate a PM
I have shell, and I have found something interseting, from which I have derived something and cracked something else. No idea what to do next, as in order to use these findings a certain type of interface has to be available, which it doesn’t seem to be?
Hey guys ,any hints for non-visible user.txt ? Also is the capture relevant or just a rabbit hole ?
Though this box is a bit unstable at the foothold stage, it absolutely is one of the more fun machines. I dig the story line approach.
In the same boat as uck084. I know where I want to go from here, but don’t know how the pcap is relevant, and I’m not seeing much else. Any help is appreciated.