ForwardSlash

Do I need to fuzz dir to get b***** ?

Edited. I got this step. No need fuzz dir .

Woo Root #137

Rooted! Kinda easy but I did a whole lot of overthinking. Sometimes its best to do the simple things.
Side Note: Folks have gotta start cleaning up after themselves on HTB boxes. It is really sloppy to leave all your automated scripts lying around.

EDIT: Based on the DMs I’m getting, I thought I’d leave a nudge. Think about what you’re seeing in the php files and lookup any any sample code for php database connections. Compare and you’ll avoid a rabbithole.

@hg8 said:
So far loving the “Please take care of our planet, we only have one.”

Hahahah, glad someone mentioned this.

P.S. All feedback is appreciated! Talk to us so we can improve! As long as it is constructive we will take it into account.

Spoiler Removed

@chivato this machine is powerful, I loved it, only a thing: many peoples wrote me to ask nudges on root, because 7 on 10 said that found the directory with i****a Key already in, skipping a lot of steps.

I think that a crontab process to clean is needed.

Really congrats for machine, learned new things. Thx and cheers from suffering Italy

@chivato Looks like my path to root was unintentional. Not sure I understand it but I think I managed to skip a part of the rooting process because someone else was already in the middle of it. Not sure how you would fix that but happy to get on a dm if you want to dig into it.

Spoiler Removed

@foxlox said:
@chivato this machine is powerful, I loved it, only a thing: many peoples wrote me to ask nudges on root, because 7 on 10 said that found the directory with i****a Key already in, skipping a lot of steps.

I think that a crontab process to clean is needed.

Really congrats for machine, learned new things. Thx and cheers from suffering Italy

Thank you so much! As our first box we were hoping we did ok.

We will keep this in mind for the future, thanks again ?

hey i think im doing this the unintended way, i can read source code but not finding anything good. is there supposed to be credz

Only got the user flag so far. Fun, but tough ride for me! I’m little confused for the next part. Does the b…p bin only served the purpose of reading the flag?? Or there is something i’m missing and it could help me with that c…o thing? I’m desesperatly in need of a k… :smile:

Still searching the xml file… :wink: Those comments are more confusing than anything else, if it can help others!!

@CarpetMan said:
Type your comment> @fmwd said:

(Quote)
Consider doing one of the easier boxes first. The box has only been up for 12 hours…

I did the easier already & 185 of users already owned this ForwardSlash box , thx

Type your comment> @foxlox said:

user: read notes, find location, signup and use text fields, bond something together to escalate
root: enumerate, routine check and get the right way, open you eyes, is there

root@forwardslash:~# ifconfig | fgrep 10. | awk ‘{print $2}’
10.10.10.183
root@forwardslash:~# id
uid=0(root) gid=0(root) groups=0(root)

(Image)

WOW , congrats

Spoiler Removed

Is bruteforcing a function necessary ?

Anyone, need help on the c****o part. I’ve tried a number of things but I still can’t seem to figure it out.

rooted! Finally got it! thx @InfoSecJack and @chivato
Thx alot @Tartofraise, @Boschko, @mxrch

Spoiler Removed

Spoiler Removed

Those who got root with the unintended way, try to learn why that trick worked