Traceback

Spoiler Removed

@dalemazza said:
Type your comment> @in3vitab13 said:

How are people getting ideas of OSINT? i see it nowhere in the page source!
and also the author has collection of web-shells? but how do i use this info?
and also how do i use OSINT to proceed further?

The author has a collection of webshells. These are .PHP. you are attacking port 80. Maybe you can check for webshells already installed?

also, whats this hype about OSINT in the discussions?!

Type your comment> @in3vitab13 said:

(Quote)
also, whats this hype about OSINT in the discussions?!

It stands for Open source intelligence. It’s a very broad term to use. It is using any legal means of collecting information on a target. Think of it as being passive reconnaissance

ohkay who is this fucker , who keeps messing with the box!
It says my flag is wrong while submittng it!!

why does it say my flag is incorrect even after resetting it?

@in3vitab13 said:

why does it say my flag is incorrect even after resetting it?

The dynamic flags should change on each reset. It probably takes a few minutes after a reset for the flags to be working but I’ve no idea how it works on the backend.

If you have problems with this, you need to raise it with HTB via Jira so they can understand the scope of the problem. Jira Service Management

Type your comment> @TazWake said:

@in3vitab13 said:

why does it say my flag is incorrect even after resetting it?

The dynamic flags should change on each reset. It probably takes a few minutes after a reset for the flags to be working but I’ve no idea how it works on the backend.

If you have problems with this, you need to raise it with HTB via Jira so they can understand the scope of the problem. Jira Service Management

yeah, it worked once i tried it after a while!

Hint:
For rooting, I checked running processes and I need to ssh the box (without password) to get reverseshell

Type your comment> @dalemazza said:

Type your comment> @in3vitab13 said:

How are people getting ideas of OSINT? i see it nowhere in the page source!
and also the author has collection of web-shells? but how do i use this info?
and also how do i use OSINT to proceed further?

The author has a collection of webshells. These are .PHP. you are attacking port 80. Maybe you can check for webshells already installed?

They are gone now as of the submission of this comment. Finally once i got an idea of how to approach after the OSINT, it’s gone.

Not sure what’s going on but that’s not cute, man lol. People need to stop ruining the fun.

@3rpleThr3at said:

They are gone now as of the submission of this comment. Finally once i got an idea of how to approach after the OSINT, it’s gone.

No - just checked, its there.

Type your comment> @TazWake said:

@3rpleThr3at said:

They are gone now as of the submission of this comment. Finally once i got an idea of how to approach after the OSINT, it’s gone.

No - just checked, its there.

So apparently what i saw before was other peoples garbage and when I enummed again, I changed my query and boom… some dirs

Someone deleted the index? I can see s*****k.php just by browsing to the IP

now the lua script isn’t there anymore… I would restore it if I just remembered the line correctly

I found the user.txt file but on submitting it’s showing incorrect flag

@cosmicWind said:

I found the user.txt file but on submitting it’s showing incorrect flag

It could be one of many things.

It could be that the box has recently rebooted and the flag you found isn’t yet in the system. It could be that the box rebooted between you finding the flag and pasting it in.
It could just be a fault in the API for the flags and should be reported via Jira (Jira Service Management)

Finally rooted! very interesting things happened while I was trying it. Learned a lot, thanks to the creator!

Hello! I’m stuck on traceback machine, i got the user but i dont know what i have to do to root it. Somebody could help me? :smiley:

Type your comment> @3rpleThr3at said:

Type your comment> @dalemazza said:

(Quote)
They are gone now as of the submission of this comment. Finally once i got an idea of how to approach after the OSINT, it’s gone.

Not sure what’s going on but that’s not cute, man lol. People need to stop ruining the fun.

A bit dramatic ? glad you got it to work eventually!

Can anyone give me a clue on these processes?

Edit: So I got the root flag but I’m not sure if this was the correct way to do this…no root shell, just read the flag…

Are the 403’s normal in the busted directories? Trying to use belch to bypass if there is a w*f.