No fuzzing really required for this box
@cyberafro said:
No fuzzing really required for this box
so how can I connect those webshell? I've git cloned all those php files…now?!
Sometimes with gobuster I find files on the webserver, then the connection drops and all is gone…
Now I'm starting dirsearch…
You already have what you need if you find the webshell, just type the full url
Hello friends -
First time posting here. Very new at this.
I'm running into "Invalid format" error when I tried to ssh in with certain given "authorized_keys". I do see the message of "I guess things can be configured better" but I'm pretty lost as for what to do. Any hint will be much appreciated!
Very interesting machine and was very enjoyable.
User Hint: Think of the basics and use OSINT to gain information to get a foothold.
Root Hint: Remember your enumeration when you get an initial hook in a machine.
Feel free to DM me for any bumps this is my first time posting on the forums so I would really like to help out if you need it cheers
Awesome machine! thx
and someone had the brilliant idea of deleting files. I get back to this box after getting the user flag two days ago (yes i'm taking my time) and get to see people are accessing this and deleting files forcing others to reset it.
I've seen this message being repeated too many times by people engaged here but I guess some of it needs to be constantly repeated: most HTB boxes do not require any BRUTEFORCING, anything you do like deleting files affects other people's experience here. PLEASE be mindful and considerate with others, just like we ALL need to be while dealing with the Coronavirus (separate issue).
@cyberafro said:
@ratcanska said:
Guys, there is no anymore file *SPOILER.!!
Lol, i had the same feeling, look around, it's been moved to his colleague folder…
Finally got flag without root shell, i was struggling to get my listener respond…
My listener keeps hanging.
first time posting a comment here.
really fun and unique machine, enjoyed everything apart from the fact that it is unresponsive at times due to people bruteforcing.
here are some of my hints.
FOOTHOLD: google the hint given by the box creator and try everything you have found.
USER: enumerate, read the files, know your powers and what they can do.
ROOT: pspy and find something writable…
have fun!
Are there files missing from the box that need to be there?
why must people constantly reset the box? Nothing is missing, I can assure you. How about you test your stuff locally before assuming the box is incorrect?
Be patient Guys !
This is just an easy machine, so Resetting and deleting files is expected by script kiddies !
There is a lot of traffic in this box, stay calm and be patient
Anyway all hints are available
User: How to assign a permission to someone in Linux, Someone is already assigned !
Root: Catch the automation and inject in certain time !
Rooted.
Easy user, hard root (for me, anyway).
All tips posted on forum already are definitely enough, seriously just had to try harder to get it in the end.
A group of newbs are deleting the l** file needed to get user flag, and then cancelling resets so they can work on root.
rooted if you stuck PM me
rooted yesterday. but not without help. main problem was that I got sidetracked by scripts made by other users. Sadly I realized way too late that those files are not supposed to be there
Anyway: really great box. taught me new things. that's the most important thing. Thank you @Xh4H
Init foothold: read everything you can access and then google
user: look at what you can access/run and if someone left notes behind
root: look at what's going on and look for something you can write to
Thanks to the belter who's removed lu*** on VIP15…very useful
EDIT: Switched servers and it's not on VIP2 either…@Xh4H?..
I don't know if it's been considered, but it might be worth making the critical files immutable to stop people deleting them out of stupidity or malice.
@TazWake said:
I don't know if it's been considered, but it might be worth making the critical files immutable to stop people deleting them out of stupidity or malice.
This…