Admirer

PS: We have probably spent a similar amount of time answering “hint queries” as we did in creating the box… :wink:

@GibParadox and @polarbearer this box rocked. Was my first one where I got to ride from the start. Not gonna say I didn’t have some frustrations along the way, but that’s what makes it really cool when it all comes together in the end.

It’s not a cakewalk, but it’s quite doable and I learned a fair bit. Thank you!

That took a while! Well made box. Wasn’t a huge fan of the fuzzing but the root was an interesting problem to solve. Needed a tiny nudge to know if I was on the right track. It’s easy to spot but takes some patience to solve I guess.

Rooted. thanks to @GibParadox and @polarbearer for a very cool box. It took me a lot longer then I thought… and I needed some advice from @thuune and @dinosn for the final step. I have done all of the easy and medium boxes on HTB in the last few months and I would say this was one of the more difficult ones. Attention to detail is very important. Agree with @GibParadox on it being more about perseverance. But I will say you need some technical know-how in the end. I learned several things that i’ll use in the future, so what else can you ask for?

ifconfig |fgrep 10. |awk ‘{print $2}’ && whoami && hostname

10.10.10.187
root
admirer

Ok, i rooted this box, spent way too long on root. I have a question though, people are talking about user 1 and user 2. I only need to get 1 user before root, could someone pm for more details

Type your comment> @guanicoe said:

Ok, i rooted this box, spent way too long on root. I have a question though, people are talking about user 1 and user 2. I only need to get 1 user before root, could someone pm for more details

Just one user and then root - all is good.

Congratulation to the authors. This box was really fun, tricky and smart. Worth your time definitely.

Spoiler Removed

Spoiler Removed

rooted this box. I would rate this as medium, not to easy especially on user :smiley:
Tips on root, be creative. If shell doesn’t pop on your listener, find the alternative ways.

finally i got root…
i did not know i can use sudo in this way… this is no way easy, i think rated medium is more fair.

Type your comment> @sirbowen said:

finally i got root…
i did not know i can use sudo in this way… this is no way easy, i think rated medium is more fair.

Surprised the ■■■■ out of me too. I am not even sure how I stumbled on an example of how to do it. I did not like this box at all. But having learned that makes it worth it.

Type your comment> @limelight said:

Rooted. thanks to @GibParadox and @polarbearer for a very cool box. It took me a lot longer then I thought… and I needed some advice from @thuune and @dinosn for the final step. I have done all of the easy and medium boxes on HTB in the last few months and I would say this was one of the more difficult ones. Attention to detail is very important. Agree with @GibParadox on it being more about perseverance. But I will say you need some technical know-how in the end. I learned several things that i’ll use in the future, so what else can you ask for?

ifconfig |fgrep 10. |awk ‘{print $2}’ && whoami && hostname

10.10.10.187
root
admirer

Yeah I agree, the tech know-how is a must… I would need to polish my web searching skills (proper keyword search), I have been going merry go round on a command which I never used in this way before…

Type your comment> @StrongAle said:

Type your comment> @4mph15b43n4 said:

Hello, first time posting here. So, I found the login page with that famously known service. I tried all the credentials (found on the lowest port on c**********.t**, i****.p** and d*_***.p) but nothing works. Am I missing something? I read about the typo but I’m lost… From what I know HTB machines don’t require brute-forcing so I didn’t even tried. I would appreciate a nudge. Thank you!

I’m at the same point… Any hints?

Same here. Any hints?

rooted, after 8 hours
thank you @GibParadox and @polarbearer for a cool machine

Got user. Nice so far.

rooted
very interested way to gain root
Thank to @polarbearer & @GibParadox

i got user yesterday finally but what i notice is that this box is getting reset all the time as well.
NO NEED
also no need at all for dirb dirbuster or whatever
just read carefully ,what you found first .then think logically and find the info manually .
Then google fu and you will be on the box hopefully but again think what you want when you find what you have to exploit.
Then for root i am still trying but people reset and it is unstable : (
as always

but so far i find the box cool and yeah i got into tons of rabbitholes until got user but thats what it is ,this way we learn

can someone give me a hand on the d…e, i keep getting a “connection refused”

edit: @coffeeBLK thanks for your help, got it working now

Fun box. Very creative. Thanks to the makers. I’d rate it as a medium. My tips:
There is a reason Kali comes with so many lists.
There is a reason why your tools have so many switches.
The reason it is good practice to remove banners is to increase the difficulty of finding an exploit. So if you find a banner, it is a gift.
When something is new, it is…new.
In Unix, everything is a file. And files are based on paths.
If you need a nudge, will be glad to help if you PM your current progress.