Admirer

Not easy level. It is harder than previous machine, Magic (Medium).

Initial foothold:
*** ssh bruteforcing is not needed nor for any other service ***
*** READ EVERYTHING DONT BE LAZY you will miss hints ***
1- enum as much as possible, and read everything this should give you the first access
2- once you get the first access you will be able to perform more enumeration on hidden things.
3- have patience this is where mostly everyone gives up. but you shouldnt the enum will finally come. and will land you on a page

User:
1- open that page and then search about it. now get user since you found that page everyone is talking about on here
2- once you have your acting face setup and ready think about what you need to obtain. things might not seem alike .

Root:
1- inspect everything so you dont fall in a trap and disappear.
2- learn on how to take control of the things .sometimes its hard to spot what waldo has googling about his powers here helps.
3- the trick is well known but for this box it will need tweaking and learning about it persistence is key .
4- once you know how to change the flow . get your root.txt

dont give up. the initial foothold was the toughest just to make you give up.

Anyone got a nudge on the A******.p** login page?

This was a very cool box, I really enjoyed it. Definitely frustrating in some parts but a cool learning experience!

Right, guys.

It’s been a couple of days now, and we have seen all sorts of reactions to Admirer.

We designed this box we a few things in mind:

  • Attention to detail is crucial in pentesting.
  • Enumeration should ALWAYS start from the very basic. Never skip anything, no matter how simple it seems.
    We also wanted a cohesive, realistic flow, and hopefully with some learning points for people from all skill levels.

While we are loving the positive feedback we are getting, we understand not everyone is happy (this is a given, I guess), but we are satisfied with the overall feeling, so thanks to everyone for that.

We put quite some work in the design and implementation of the box, and it was an amazing learning experience which we are proud of.

Is the level rating wrong? Maybe… but, if you look at what needed to be done after rooting it… did you need any advanced techniques? if your answer is no, then maybe the rating is correct, and it was all about perseverance, and not pure technical skills.

Again, thanks for the feedback. We will be back (if Egotistical agrees haha)

PS: We have probably spent a similar amount of time answering “hint queries” as we did in creating the box… :wink:

@GibParadox and @polarbearer this box rocked. Was my first one where I got to ride from the start. Not gonna say I didn’t have some frustrations along the way, but that’s what makes it really cool when it all comes together in the end.

It’s not a cakewalk, but it’s quite doable and I learned a fair bit. Thank you!

That took a while! Well made box. Wasn’t a huge fan of the fuzzing but the root was an interesting problem to solve. Needed a tiny nudge to know if I was on the right track. It’s easy to spot but takes some patience to solve I guess.

Rooted. thanks to @GibParadox and @polarbearer for a very cool box. It took me a lot longer then I thought… and I needed some advice from @thuune and @dinosn for the final step. I have done all of the easy and medium boxes on HTB in the last few months and I would say this was one of the more difficult ones. Attention to detail is very important. Agree with @GibParadox on it being more about perseverance. But I will say you need some technical know-how in the end. I learned several things that i’ll use in the future, so what else can you ask for?

ifconfig |fgrep 10. |awk ‘{print $2}’ && whoami && hostname

10.10.10.187
root
admirer

Ok, i rooted this box, spent way too long on root. I have a question though, people are talking about user 1 and user 2. I only need to get 1 user before root, could someone pm for more details

Type your comment> @guanicoe said:

Ok, i rooted this box, spent way too long on root. I have a question though, people are talking about user 1 and user 2. I only need to get 1 user before root, could someone pm for more details

Just one user and then root - all is good.

Congratulation to the authors. This box was really fun, tricky and smart. Worth your time definitely.

Spoiler Removed

Spoiler Removed

rooted this box. I would rate this as medium, not to easy especially on user :smiley:
Tips on root, be creative. If shell doesn’t pop on your listener, find the alternative ways.

finally i got root…
i did not know i can use sudo in this way… this is no way easy, i think rated medium is more fair.

Type your comment> @sirbowen said:

finally i got root…
i did not know i can use sudo in this way… this is no way easy, i think rated medium is more fair.

Surprised the ■■■■ out of me too. I am not even sure how I stumbled on an example of how to do it. I did not like this box at all. But having learned that makes it worth it.

Type your comment> @limelight said:

Rooted. thanks to @GibParadox and @polarbearer for a very cool box. It took me a lot longer then I thought… and I needed some advice from @thuune and @dinosn for the final step. I have done all of the easy and medium boxes on HTB in the last few months and I would say this was one of the more difficult ones. Attention to detail is very important. Agree with @GibParadox on it being more about perseverance. But I will say you need some technical know-how in the end. I learned several things that i’ll use in the future, so what else can you ask for?

ifconfig |fgrep 10. |awk ‘{print $2}’ && whoami && hostname

10.10.10.187
root
admirer

Yeah I agree, the tech know-how is a must… I would need to polish my web searching skills (proper keyword search), I have been going merry go round on a command which I never used in this way before…

Type your comment> @StrongAle said:

Type your comment> @4mph15b43n4 said:

Hello, first time posting here. So, I found the login page with that famously known service. I tried all the credentials (found on the lowest port on c**********.t**, i****.p** and d*_***.p) but nothing works. Am I missing something? I read about the typo but I’m lost… From what I know HTB machines don’t require brute-forcing so I didn’t even tried. I would appreciate a nudge. Thank you!

I’m at the same point… Any hints?

Same here. Any hints?

rooted, after 8 hours
thank you @GibParadox and @polarbearer for a cool machine