@clubby789 said:
I rooted, but I don’t quite understand why what I did works. If someone can explain the c****o part to me, that would be much appreciated.
Any hits ?
@clubby789 said:
I rooted, but I don’t quite understand why what I did works. If someone can explain the c****o part to me, that would be much appreciated.
Any hits ?
My enum game is weak on this one, only found the text and can’t bust anymore from the ‘clue’
Edit:
nvm being lazy
@fmwd said:
@clubby789 said:
I rooted, but I don’t quite understand why what I did works. If someone can explain the c****o part to me, that would be much appreciated.
Any hits ?
Consider doing one of the easier boxes first. The box has only been up for 12 hours…
Is password from *.php rabbit hole?
@ls4cfk said:
Is password from *.php rabbit hole?
Try reading all php files you can. You must have seen something like Unauthorized
user: read notes, find location, signup and use text fields, bond something together to escalate
root: enumerate, routine check and get the right way, open your eyes, is there
root@forwardslash:~# ifconfig | fgrep 10. | awk '{print $2}'
10.10.10.183
root@forwardslash:~# id
uid=0(root) gid=0(root) groups=0(root)
So far loving the “Please take care of our planet, we only have one.”
EDIT: And rooted. Really nice box but I fell into too many rabbit holes…
Thanks to InfoSecJack & chivato for this great box!
After you’ve rooted, please, undo everything you’ve done and clean up. Stop leaving the door open.
Any hint about crypto?
Please help I have been fuzzing for hours for both x*l and p*p but found nothing yet…
EDIT: Alright, now I have lfi and rfi but how do I upgrade to rce?
Same here… I only found that message, but that and the main page lead me to nothing. Fuzzing a lot, manually and using automated scripts, but didn’t find anything to move forward.
Wait what that message even help us?
Any hint? My mind became blank after that… A nudge would be helpful
Enumeration is key for most of the first part of this box.
Think about the types of files you could find in a web directory then think about directory structure.
@segf4ul7 said:
@ls4cfk said:
Any hint about crypto?
stuck on it
Read it, decrypt it. It’s all in front of you. (Not referring to the creds you find) You will know what I mean when you reach it.
Do I need to fuzz dir to get b***** ?
Edited. I got this step. No need to fuzz dir.
Woo Root #137
Rooted! Kinda easy but I did a whole lot of overthinking. Sometimes it’s best to do the simple things.
Side Note: Folks have gotta start cleaning up after themselves on HTB boxes. It is really sloppy to leave all your automated scripts lying around.
EDIT: Based on the DMs I’m getting, I thought I’d leave a nudge. Think about what you’re seeing in the php files and look up any sample code for php database connections. Compare and you’ll avoid a rabbit hole.
@hg8 said:
So far loving the “Please take care of our planet, we only have one.”
Hahahah, glad someone mentioned this.
P.S. All feedback is appreciated! Talk to us so we can improve! As long as it is constructive we will take it into account.