Magic

Just can’t get past the login page. I would appreciate a hint :wink:

@ElPenetrador said:
Just can’t get past the login page. I would appreciate a hint :wink:

it’s the first result on google for me ^^

Spoiler Removed

need help with reverse shell

Rooted. The box is easy but very fun. If you need a hint, you can ask me.

Initial foothold wasn’t too bad, now kinda stuck on privesc. So far cool box, very enjoyable

Rooted. Super fun box. Got user super fast. Lost way too much time on root! Like always, way simpler than I initially thought! Little hint for root… if you’re digging a tunnel, it is probably to dig a rabbit hole… like me… :slight_smile: PM for nudge! :slight_smile:

@AidynSkullz said:
Found a login portal. Got only 1 hit when checking passwords. Is it sl****?
First time posting, so don’t know if it’s a spoiler or not.

I got this also. Simple enum will find you another way in

please, clean everything before leaving… always.

user: behind a made-up face there may be a devil
root: ehi root, are you going to get milk? Take a thing for me too please (thx @boombyte )

root@calipendula:/var/root/htb/185# nc -nvlp 1235
Ncat: Connection from 10.10.10.185:56816.
# id
uid=0(root) gid=0(root) groups=0(root),100(users),1000(t*****s)

Got in as www-****, can’t really see any way up to the user th*****. Found those creds but ain’t working. Tried in multiple places. Found es***** but I guess that’s a rabbit hole. Any nudge / hint would be very helpful. Thanks.

Is someone deleting my backdoors or are they removed automatically? Not really a big deal since I can just upload it quickly again but it’s slightly annoying :neutral:

are the db creds a rabbit hole?

I uploaded the file but can’t find my file
any hint?

@b33lz3bub said:
I uploaded the file but can’t find my file
any hint?

does it show up on the main page? if so then you’ll be able to tell where it is…

Any hint for the user?

Found Password but can’t log in with it.

@ls4cfk said:
Any hint for the user?
Found Password but can’t log in with it.

you should be able to, unless it’s the wrong password.

@b3nn said:

@ls4cfk said:

Any hint for the user?

Found Password but can’t log in with it.
you should be able to, unless it’s the wrong password.

I do have the pass for th***** but I guess from the discussion there is some other pass too. Swear I traversed the whole dir structure but no good.

Thanks @TRX for this box.

Relatively easy one. Both user and privesc require extensive enumeration.

Some tips (hopefully doesn’t spoil much):
User: fool the webserver with the asset you are offering to him.
Root: your ‘gang’ is more powerful than you think

Stuck after www, I am wondering is it the same way I’ve done to the server but do it reversely.

I am stuck at the login page. any hints pls.

as someone has mentioned before, no need to bruteforce. think how you could bypass the login page