Olympus

Hm bit early for hints as the machine have only been up a day…

@shellyhx said:
Hm bit early for hints as the machine have only been up a day…

well i’m trying to compromise for ~10h already

Very nice machine. Just started and have the footprint. The question is how to exploit this because I never played with this “stuff”. Some research will be needed.

For developers it should be a piece of cake, but I’m unfortunately not a developer.

No need to be a developer to exploit this bad configuration. Google for it, there are exploits listed on the first page, the Chinese paper is great. I am stuck a little bit further with a password, a remote (outside htb) cache of data I can’t access/exploit without knowing host_id value…

I have shell, but cannot find user.txt. Did you manage to get it?

@cgrenier said:
No need to be a developer to exploit this bad configuration. Google for it, there are exploits listed on the first page, the Chinese paper is great. I am stuck a little bit further with a password, a remote (outside htb) cache of data I can’t access/exploit without knowing host_id value…

If you have enumerated for 10 hours and haven’t found anything, the hint you are looking for is probably this: PAY ATTENTION.

I found what i needed, right now having new problems again c:

got root, that was exciting

i found an exploit from 2000 but its not working :confused:

Hi. I found that stuff about bad development config, but when I try to use it, the server communicates with my machine, but then sends a rst packet. Is this part of the challenge, or is there something wrong with my machine?

I’m from Brazil, and this bad development config has a connection timeout that is not big enough for the connection to succeed. I just changed my vpn from europe to usa and everything worked as expected.

@lehrling said:
I’m from Brazil, and this bad development config has a connection timeout that is not big enough for the connection to succeed. I just changed my vpn from europe to usa and everything worked as expected.

Yes, I know your pain.

Any idea on how to get a tty on this machine?!?

@Mefistogr said:
Any idea on how to get a tty on this machine?!?

look closely onto web :slight_smile:

agreed, timeouts have been killing me lol

This machine is driving me crazy. I’ve run multiple recon tools but I can’t get anything useful to get the initial foothold. If someone wants to help me, I would really appreciate a PM

I have shell, and I have found something interseting, from which I have derived something and cracked something else. No idea what to do next, as in order to use these findings a certain type of interface has to be available, which it doesn’t seem to be?

Hey guys ,any hints for non-visible user.txt ? Also is the capture relevant or just a rabbit hole ?

Though this box is a bit unstable at the foothold stage, it absolutely is one of the more fun machines. I dig the story line approach.

In the same boat as uck084. I know where I want to go from here, but don’t know how the pcap is relevant, and I’m not seeing much else. Any help is appreciated.