Magic

rooted and learned alot

any nudges on initial foothold. I think some nasty h***** are the way to bypass login, but nothing I tried works. Am I going down a rabbit hole?

have user looking for root, not finding much could use a nudge :slight_smile:

struggling to actually login on the page, any help would be appreciated :)))))

root was hard to spot, but easy to exploit :3
fun box

EDIT: i recommend using that one big expensive commercial tool instead of the cool open source one for root

Yea stuck after user. Ran lots of enum scripts. Found some interesting binary, not sure where to go

edit: got root.

Pretty cool box. Thanks @TRX for the learning experience. Also thanks to @0x41 and @skunk for the tips.

@sh0wa left a great hint for root.

Really enjoyed this, thanks @TRX

User was fun, would appreciate a nudge on root, been trawling the files for a fair while :smiley:

Just can’t get past the login page. I would appreciate a hint :wink:

@ElPenetrador said:
Just can’t get past the login page. I would appreciate a hint :wink:

it’s the first result on google for me ^^

Spoiler Removed

need help with reverse shell

rooted. Box easily but very fun. If you need a hint can ask me

Initial foothold wasnt too bad, now kinda stuck on privesc. So far cool box, very enjoyable

Rooted. Super fun box. Got user super fast. Lost way too much time on root! Like always, way simpler that i initially tought! Little hint for root… if your digging a tunnel, it is probably to dig a rabbit hole… like me… :slight_smile: PM for nudge! :slight_smile:

@AidynSkullz said:
Found a login portal. Got only 1 hit when checking passwords. Is it sl****?
First time posting, so don’t know if it’s a spoiler or not.

I got this also. Simple enum will find you another way in

please, clean everything before leaving… always.

user: behind a made-up face there may be a devil
root: ehi root, are you going to get milk? Take a thing for me too please (thx @boombyte )

root@calipendula:/var/root/htb/185# nc -nvlp 1235
Ncat: Connection from 10.10.10.185:56816.
# id
uid=0(root) gid=0(root) groups=0(root),100(users),1000(t*****s)

Got in as www-****, can’t really see any way up to the user th*****. Found those creds but ain’t working. Tried in multiple places. Found es***** but I guess that’s a rabbit hole. Any nudge / hint would be very helpful. Thanks.

Is someone deleting my backdoors or are they removed automatically? Not really a big deal since I can just upload it quickly again but it’s slightly annoying :neutral:

are the db creds a rabbit hole?