Quick

@Dzsanosz said:

@gciofeca said:

@alalno said:

Where are u guys getting the creds for login?? I’m getting “Error code: SSL_ERROR_RX_RECORD_TOO_LONG” & stuck here…is there any other port I’m missing out?

This seems to be a common problem. This is coming up because your browser is trying to negotiate HTTPS like the link tells it to, but is not receiving what it expects. It thinks it is receiving an SSL record that is too long, but it is actually just getting the same HTML page you’d get from a port that’s not supporting HTTPS. So… is there another port you might need to try?

Could you please explain this a little bit (even in PM)? I’m also stuck at this point; I only found VERY FEW ports open, and just this one is related to http…
Any nuggets/explanation would be highly appreciated!

https://google.com:80/ vs https://google.com:443/

Means: You are trying SSL on the wrong port.
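Why a plaintext reply shows up as a "too long" record, as an added example that is not part of the original thread: a TLS client reads the first five bytes of the reply as a record header, so the ASCII text `HTTP/` becomes a content type, a version and an oversized length. The function names and both sample replies are constructed for illustration, and the length limit assumed is the TLS 1.2 one.

```python
import struct

# Largest ciphertext record a TLS 1.2 peer may send:
# 2^14 bytes of plaintext plus up to 2048 bytes of expansion (RFC 5246, section 6.2.3).
MAX_RECORD_LEN = 2**14 + 2048
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

# Constructed sample replies (not captured from any real host).
PLAIN_HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n<html>"
TLS_REPLY = bytes.fromhex("160303005a") + b"\x02" * 90  # handshake record, 90-byte body


def parse_record_header(data: bytes) -> dict:
    """Read the 5-byte TLS record header the way a client reads the first reply bytes."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes to read a record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def diagnose(data: bytes) -> str:
    """Classify the first bytes a server sent back after a ClientHello."""
    hdr = parse_record_header(data)
    if data[:5] == b"HTTP/":
        # 'H' is read as the content type, 'TT' as the version, 'P/' as the length.
        too_long = hdr["length"] > MAX_RECORD_LEN
        return (f"plaintext HTTP on this port "
                f"(length field {hdr['length']}, too long: {too_long})")
    if (hdr["type"] in CONTENT_TYPES and hdr["version"][0] == 3
            and hdr["length"] <= MAX_RECORD_LEN):
        return f"TLS {CONTENT_TYPES[hdr['type']]} record, {hdr['length']} bytes"
    return "neither TLS nor HTTP"


if __name__ == "__main__":
    for name, reply in (("plain", PLAIN_HTTP_REPLY), ("tls", TLS_REPLY)):
        print(name, "->", diagnose(reply))
```
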

Okay, but I only found one port regarding web traffic (and also it’s not on the standard position)…so I’m a bit confused

Nmap defaults to a specific protocol, but it is not the only one… :wink:

Rooted… That was QUITE the journey! Some bleeding edge tech, some very obscure tech, and some very old tricks. :wink: Initial foothold was the most frustrating, but very educational.
Then after getting the second user it was so late that I missed a few very obvious things. Picked it up a day or two later with a fresh mind and breezed through to root.

For the initial foothold I got most frustrated with software that said it supported a certain thing after enabling something in the config, but in reality just didn’t work. Perhaps a little birdie that’s only available on Windows would work, but on Linux I ended up compiling a new version of a very common tool with the features I needed.

Is there any issue with the box? I am getting a 502 Bad Gateway error in Burp.
Can anyone explain to me why I am getting this error?

root@quick:~# hostname && id && date
quick
uid=0(root) gid=0(root) groups=0(root)
Thu Apr 30 14:48:26 UTC 2020

This box took it out of me! I think I need to sleep for a few days.
Root seemed simple compared to foothold and user1 > 2.

Need to redo the box to make my notes make sense!

Rooted!

This was a journey. I think this box had an intended path but still educated guessing was required. I def learned quite a bit and have some new things to keep in mind when enumerating.

Initial Foothold: scan for all ports and protocols. Monitor your network traffic with wireshark and enrich the info coming out of your scans. Google a lot of stuff.

User1: always proxy your web traffic. use site as a user. go back and inspect all params, headers, google things you don’t know. fuzz things and look at how the app responds. repeat.

user2: this was cool, used some custom exploit script but not sure if it would be required. source code analysis could benefit and speed up exploitation

root: standard enumeration. look everywhere. then look again. then you still missed it. then sh** you’re dumb why did you miss that. root shell after.

DM on forums or on discord: d4rkm0de#1200

rooted finally

thank you all

Rooted, so much fun

Thx for this box too much research

my hints

User: I needed to change a web client and research how to access the service. Recompile all the info and make a list combining the info by default (read the manuals). When you are logged into the form and you have tried “everything”, try one more thing using the response

Root: Try to understand how every webapp works. “This a custom exploit based on other”. At the final step just take a look around

Was very hard for me. Thx

Once logged in, should we wait for an admin to search for it bankrobber style?

EDIT: nevermind, I think I got it :slight_smile:

quick was never quick lol… just rooted quick. hit me up for nudges

why is it so hard to access pr*****2.*****.htb:***1 ??
the server often does not respond but sometimes it answers my calling.

Holy Moly! Finally got to the stage where I can go for root but I had to reset the machine a few times - the box got into a weird state for some reason and that cost a few hours. Getting this far has been tricky.

Ah man that user part was great! Thanks @MrR3boot that was a nice learning experience!!!

@dojoku said:

why is it so hard to access pr*****2.*****.htb:***1 ??
the server often does not respond but sometimes it answers my calling.

if you already got access to user, you can easily use port fwd :smiley:

For God’s sake please stop f****** resetting the box. Even on the EU VIP, losing connection every 10 minutes.

@nav1n said:

For God’s sake please stop f****** resetting the box. Even on the EU VIP, losing connection every 10 minutes.

Me too bro

It’s hard to work on the payload for foothold while you get Error retrieving URL every time and people reset …