Magic

need help with reverse shell

Rooted. Easy box but very fun. If you need a hint, you can ask me.

Initial foothold wasn’t too bad, now kinda stuck on privesc. So far cool box, very enjoyable.

Rooted. Super fun box. Got user super fast. Lost way too much time on root! Like always, way simpler than I initially thought! Little hint for root… if you’re digging a tunnel, it is probably to dig a rabbit hole… like me… :slight_smile: PM for nudge! :slight_smile:

@AidynSkullz said:
Found a login portal. Got only 1 hit when checking passwords. Is it sl****?
First time posting, so don’t know if it’s a spoiler or not.

I got this also. Simple enum will find you another way in

please, clean everything before leaving… always.

user: behind a made-up face there may be a devil
root: ehi root, are you going to get milk? Take a thing for me too please (thx @boombyte )

root@calipendula:/var/root/htb/185# nc -nvlp 1235
Ncat: Connection from 10.10.10.185:56816.
# id
uid=0(root) gid=0(root) groups=0(root),100(users),1000(t*****s)

Got in as www-****, can’t really see any way up to the user th*****. Found those creds but ain’t working. Tried in multiple places. Found es***** but I guess that’s a rabbit hole. Any nudge / hint would be very helpful. Thanks.

Is someone deleting my backdoors or are they removed automatically? Not really a big deal since I can just upload it quickly again but it’s slightly annoying :neutral:

are the db creds a rabbit hole?

I uploaded the file but can’t find my file
any hint?

@b33lz3bub said:

I uploaded the file but can’t find my file
any hint?

does it show up on the main page? if so then you’ll be able to tell where it is…

Any hint for the user?

Found Password but can’t log in with it.

@ls4cfk said:

Any hint for the user?

Found Password but can’t log in with it.

you should be able to, unless it’s the wrong password.

@b3nn said:

@ls4cfk said:

Any hint for the user?

Found Password but can’t log in with it.

you should be able to, unless it’s the wrong password.

I do have the pass for th***** but I guess from the discussion there is some other pass too. Swear I traversed the whole dir structure but no good.

Thanks @TRX for this box.

Relatively easy one. Both user and privesc require extensive enumeration.

Some tips (hopefully doesn’t spoil much):
User: fool the webserver with the asset you are offering to him.
Root: your ‘gang’ is more powerful than you think

Stuck after www. I am wondering whether it is the same thing I did to the server, but in reverse.

I am stuck at the login page. Any hints pls.

As someone has mentioned before, no need to bruteforce. Think how you could bypass the login page.

@b3nn said:

@b33lz3bub said:

I uploaded the file but can’t find my file
any hint?

does it show up on the main page? if so then you’ll be able to tell where it is…

I got the shell

If you’re struggling to find out where your files are uploaded to, go back to the beginning and start again. You will find what you’re looking for.

I’m so happy to finally do an easy-ish Linux machine. I only had Windows machines left, which, although I must learn, are not as enjoyable as Linux. So a couple of hints:

Foothold

  • Quite easy, don’t be too clever. I mean, no need for big machines, simple manual work should do it. Back to the basics really.
  • Once you’re in, now you need to be clever. Now you can look for scripts online. Remember your mythology lectures.

User

  • Standard enumeration, look carefully.
  • Upgrade your terminal or you might miss it.

Root

  • Again enumeration, it’s not that obvious, but something should stick out, and it is this thing.
  • Remember what Linux does first when you type ls or cd.

I hope this is not too much; if it is, PM me and I’ll remove what’s too much. If you are still stuck, guanicoe on Discord, if you can find me :wink: