NIbbles

yeah i got the login page and logged in .
what to do after that?

please give some hint for PRIVESC , as many people said , i tried LinEnum.sh …also the his STUFF “m*****r.sh” does the same…i reconed we can moves that file to id(0) …but not able to execute it from there…
am I in the right direction ???

@p5yph3r said:
please give some hint for PRIVESC , as many people said , i tried LinEnum.sh …also the his STUFF “m*****r.sh” does the same…i reconed we can moves that file to id(0) …but not able to execute it from there…
am I in the right direction ???

Me too. Stuck at right there. Please help on privesc.

@d3m0nr007 lets try it together…

DM me

Got root!

DM me for any hint :slight_smile:

hi I new here and I have two days trying everything and I read all the advice that is easy but remember that when it is easy is that one more complicates someone can guide me to opt for the user and password !!!Help!!!

Spoiler Removed - Arrexel

When I got logged into the admin panel… First word came out of my word was…
“F#ckkkk”…

Sometimes trying something easy is difficult. :stuck_out_tongue:

Feel free to PM me if you need help with this box

“Can’t access tty; job control turned off”

Any help on this issue?

God knows what was happening with that portal as the creds sometimes did/didnt work.

I’ve got the root.txt but not needing a root shell or via ssh.

Did anyone get in via SSH in the end or get a root shell instead of using XXX to run root commands.

This is my first box on HTB. The amount of resets are crazy. I’ve enumed the username and login page pretty easily. Ive tried a ton of default passwords and even obvious things that are on the page itself. I feel like its possible based on the comments here that i may have already entered the correct password but its pretty buggy. Can anyone PM me to help so I can move on from this step

@murp said:
This is my first box on HTB. The amount of resets are crazy. I’ve enumed the username and login page pretty easily. Ive tried a ton of default passwords and even obvious things that are on the page itself. I feel like its possible based on the comments here that i may have already entered the correct password but its pretty buggy. Can anyone PM me to help so I can move on from this step

Feel free to PM me

I see a lot of people are having a hard time getting the login creds.

CeWL is the perfect tool for this! Check it out!

@Cervantes said:
This is really frustrating. It is my first maschine and i spent 4 hours on it. looked at so much things: php/bit files, images, dirb, dirbuster for the initial password but could not find it. i don’t know how i should guess it. i also don’t know what htb “deafult” password are… this is really frustrating

the box’s name is there for a reason…

Hi I am Jeff. I tell my friends I am a pro sysadmin and even put it on my resume. In reality though I haven’t been able to figure out where any button other then the “next next next” button is.

Once you realize how foolish Jeff is it only gets worse. Jeff’s laziness continues to create bad security flaws. During enumeration think about how Jeff could have traded security for laziness.

After you figure that out, well the rest is semi easy, just remember seeing isn’t always believing.

Don’t be like Jeff, Jeff gets hacked.

@jc1396 said:
No matter which shell I try, I keep getting “This exploit may require manual cleanup of ‘image.php’ on the target”. Am I missing something here?

you just have to manually figure out the path where the shell is uploaded and trigger ii manually for the first time… for some reason metasploit wont do it for the first time!
google is your friend…

Trying to find a login page. Have enumerated with with dirb, dirbuster. I see an admin page with tons of php files that don’t seem to do much.

hello guys…
i find everything…
i use everything…
but i cant successfull with to be root…
can you help me?

i get a shell, but a shitty one, cant execute basic commands. :blush: