Quick

can anyone give me a hint for root, I’m sitting here with a ssh connection as s****m and am sure I’m missing something obvious

I have find creds to connect to login.php, but I’m stuck there, I know there is something in t****t.php but I’m not getting it, some help would b great

Type your comment> @fireblade said:

can anyone give me a hint for root, I’m sitting here with a ssh connection as s****m and am sure I’m missing something obvious

Stay at home, enumerate all the files you can access. Perhaps two things don’t go together

Type your comment> @GGh0st said:

I have find creds to connect to login.php, but I’m stuck there, I know there is something in t****t.php but I’m not getting it, some help would b great

I’m at this same point. Not sure what to do next. I’ve enumerated via s*****.p** and also noticed you can manually change the id, but not sure how to leverage this to get anywhere.

What did people use to do the first ‘thing’, I am trying curl but cannot seem to get it to work - tried updating curl. Any advice would be useful.

Rooted finally, THANK YOU to everyone that help me along the way. A good box, frustrating when you over look obvious things but some good things learned.

@bashsquid said:
What did people use to do the first ‘thing’, I am trying curl but cannot seem to get it to work - tried updating curl. Any advice would be useful.

Get a really new version of curl and make it yourself.

Wow, rooted.
Thank you @MrR3boot, Great box again.

Type your comment> @Bearcban said:

Type your comment> @GGh0st said:

I have find creds to connect to login.php, but I’m stuck there, I know there is something in t****t.php but I’m not getting it, some help would b great

I’m at this same point. Not sure what to do next. I’ve enumerated via s*****.p** and also noticed you can manually change the id, but not sure how to leverage this to get anywhere.

Look at the headers? There is a clue, then Google which should bring up some interesting information.

root’d this last night. The beginning of this challenge had my eyes rolling because i thought it was typical HTB. Apologies, @MrR3boot
In fact, this is one of the funnest boxes that I’ve done in a while. It wasn’t too hard and it allowed me to create a few simple scripts to eventually root it.

I’m not sure what was said in this thread, but if anyone needs help, let me know.

Type your comment> @ps9786 said:

@bashsquid said:
What did people use to do the first ‘thing’, I am trying curl but cannot seem to get it to work - tried updating curl. Any advice would be useful.

Get a really new version of curl and make it yourself.

I have done so already.

Think I am getting the syntax wrong, it should be working… As it works for the test pages - anyone have any ideas?

phew, finally rooted. Though I found other weakness in the code, couldn’t exploit that.
This machine took my lunch time and beer time for a couple of days :slight_smile:

PM if you need help

This box showed me all kinds of new stuff, thanks for that @MrR3boot !
Unfortunately due to all the resets and connectivity issues, it was rather hard…
I just took it slow with Quick :slight_smile:

PM or Discord #4092 for help

Wow rooted!!

It was a great box overall that made me learn, i probably liked the most using this new technology and lateral movement from user 1 to user 2.

Thanks @MrR3boot for a great box!

Can PM for nudges

root@quick:~# id && hostname uid=0(root) gid=0(root) groups=0(root) quick

Rooted !

Excellent box, I enjoyed all the parts (except the last one maybe). Learned a lot !
Thx @MrR3boot :).

PM if needed

I feel like I’m so close to a shell… I’m signed in and using t*****.p** to inject an e**:i****** which collects my x*** payload and gives me r**. But the instruction seems to terminate early. I can make it call me, and I can get evidence that it’s doing something. I just can’t fork what I need forked, and without the forkage nothing is getting completed. Using J*** because that’s what all the samples use. But maybe it’s not possible like that?

I’ve also tried simple leaking file content into the output and that doesn’t seem to work either, though I suspect that’s not enough to get a shell.

I have to be close. Can anyone give me a nudge?

Edit: Rooted. Got a few nudges - respect distributed. Wasn’t forking at all. A good face-slapper when all’s said and done.

@mRr3b00t ■■■■ of a machine. Well done.

Type your comment> @ElVi7MaJoR said:

hey,
i want to say to whom changing the s****m password there is no need just DM me i will give script to decode the hash

and please no need to reset every 5min
im fighting against changing pass and resetting and f5 and i need to be quick

please !

Or… you know… there’s an even easier path with your own hash… :wink: No need to crack or even disturb the original creds at all. Be like water…

I’m an e** i******** virgin. Been reading up on it and i evidently can’t figure it out.
Any tests arent reaching my machine. I’d appreciate discussing with someone.

I have reset the box a few times, the ticket search bar was returning active tickets earlier and is now not doing so!? - anyone else having this issue?

I am stuck at setting ‘it’ up. If someone too had a lot of trouble and still got it set up or if someone want to help please DM.