ForwardSlash

Type your comment> @clubby789 said:

I rooted, but I don’t quite understand why what I did works. If someone can explain the c****o part to me, that wouuld be much appreciated.

Any hits ?

My enum game is weak on this one, only found the text and can’t bust anymore from the ‘clue’ :frowning:

Edit:
nvm being lazy

Type your comment> @fmwd said:

Type your comment> @clubby789 said:

I rooted, but I don’t quite understand why what I did works. If someone can explain the c****o part to me, that wouuld be much appreciated.

Any hits ?

Consider doing one of the easier boxes first. The box has only been up for 12 hours…

Is password from *.php rabbit hole?

Type your comment> @ls4cfk said:

Is password from *.php rabbit hole?

Try reading all php files you can. You must have seen something like Unauthorized

user: read notes, find location, signup and use text fields, bond something together to escalate
root: enumerate, routine check and get the right way, open you eyes, is there

root@forwardslash:~# ifconfig | fgrep 10. | awk ‘{print $2}’
10.10.10.183
root@forwardslash:~# id
uid=0(root) gid=0(root) groups=0(root)

foxlox

So far loving the “Please take care of our planet, we only have one.”

EDIT: And rooted. Really nice box but I fell into too much rabbit holes…
Thanks to InfoSecJack & chivato for this great box!

After you’ve rooted, please, undo everything you’ve done and clean up. Stop leaving the door open.

Any hint about crypto?

Type your comment> @ls4cfk said:

Any hint about crypto?

stuck on it

Please help I have been fuzzing for hours for both x*l and p*p but found nothing yet…
EDIT: Alright now i have lfi and rfi but how do I upgrade to rce?

Same here… I only found that message, but that and the main page lead me to nothing. Fuzzing a lot, manually and using automated scripts, but didn’t find anything to move forward.

Wait what that message even help us?
Any hint my mind became blank after that… Nudge will be helpful

Enumeration is key for most of the first part of this box.
Think about the types of files you could find in a web directory then think about directory structure.

@segf4ul7 said:
Type your comment> @ls4cfk said:

Any hint about crypto?

stuck on it

Read it, decrypt it. It’s all in front of you. (Not referring to the creds you find) You will know what I mean when you reach it.

Do I need to fuzz dir to get b***** ?

Edited. I got this step. No need fuzz dir .

Woo Root #137

Rooted! Kinda easy but I did a whole lot of overthinking. Sometimes its best to do the simple things.
Side Note: Folks have gotta start cleaning up after themselves on HTB boxes. It is really sloppy to leave all your automated scripts lying around.

EDIT: Based on the DMs I’m getting, I thought I’d leave a nudge. Think about what you’re seeing in the php files and lookup any any sample code for php database connections. Compare and you’ll avoid a rabbithole.

@hg8 said:
So far loving the “Please take care of our planet, we only have one.”

Hahahah, glad someone mentioned this.

P.S. All feedback is appreciated! Talk to us so we can improve! As long as it is constructive we will take it into account.

Spoiler Removed