Admirer

Hello, i am newbie (3rd boxes only)…
I am stuck after having got all the bunch of credentials in lowest port. I don’t know where to go with these p*p files and can’t find the login page too… thanks for any nudge i am on it since a lot of hours for an easy box :slight_smile:

@AMRANE said:

Hello, i am newbie (3rd boxes only)…
dude this is my first box

.

Type your comment> @redteen said:

i logged in and i don’t know what to do ?
help me.

@redteen said:
@AMRANE said:

Hello, i am newbie (3rd boxes only)…
dude this is my first box

Enumeration are big tips for you. But you need to think to do with known file extensions. Also previous pages contains lots of knowledge about enumeration phase.

EDIT: Rooted last night. I got help for user.txt from @Krocko and @DorKn8 thanks a lot
Also root flag had slightly different path. Maybe i think that so. This machine was little hard for me. But i learnt different things. Thanks for machine creator and everyone.

Hello guys
Could someone please give me a hint on root?
For now, all I know is that it’s related to the famous snake, $P***H and a SV feature in sudo, but my testing shows that there might be still some lost pieces out there.

Edit: Just rooted.

Got user, thanks all for some nudges (spent two days to understand really obvious thing). Now trying to get root

Rooted. At last. For an “easy” box, this one really made my head spin.

Thanks to @spletinckx for prompting me to check my own set up, and extra special thanks to @k4u5h1k for reinforcing a valuable lesson: check your results; just because two files appear to do the same thing, every detail matters.

Tips
for user use your wordlist wisely and please stop using hydra once you get there there’s an online exploit for it

for root I remember ippsec has video on how to root using this P*******H

and PM for hints

i have logged into a******.**p and i have spent hours searching for sensitive files. haven’t got anything till now. I know i need to find some sensitive info but i looked into almost everything that i remeber. still nothing.
Could someone give some nudges where and what i want to look into.

Hello Guys, reading most of your comments about the Admirer machine has been very helpful. I am kinda new on HTB platform. The Admirer machine is next on my list. If I get stocked by any chance, I would most def DM some of your guys.

Thanks for all your comments.

User: Enum, brute force dirs like normal but for this add something more to your command that you haven’t been including before and you will need to use something big.

User2:You know you need to find this but no amount of dir brute forcing seems to show it. Think about what you have found and if the thing you seek could be in front of it.

User3: You finally found it, and using simple enum you should know what you need to do. Time to go rogue.

Root: New priv esc method for me. You know what you can do but if you haven’t done this before you may need to do some research on snakes reading!

Overall, this box was actually solid. Yeah it was filled with rabbit holes here and there, but man did it make me feel good to finish it.

PM if you need a nudge (please tell me what you have tried thus far so I can help point you in the right direction)

So. Many. Rabbit. Holes…

User: fuzz. everything. you will find some interesting files with rabbit holes and hopefully you will find an interesting page. Research it, there’s articles detailing the vulnerability and how to exploit it.
Root: start by looking around to see the code of the web pages you’ve encountered so far, one of them should seem interesting to you as it runs something with root privilege and there’s a pretty nice exploit there

HMU if you need help

Stuck on user - have managed to leverage the exploit for a*****.p** and can query local data and even found some new creds but can’t seem to use them anywhere. Any nudges on where to be looking would be helpful

The user part was really unique…learnt a lot from it!

Type your comment> @GH057404 said:

i have logged into a******.**p and i have spent hours searching for sensitive files. haven’t got anything till now. I know i need to find some sensitive info but i looked into almost everything that i remeber. still nothing.
Could someone give some nudges where and what i want to look into.

rooted.
and thanks @vicviper89 for the help

@Y0urM4m4 said:

Can someone explain me how to choose a wordlist over another? When should I choose this wordlist over another one.

I often struggle with this. I don’t think there is an easy answer and generally people fall into using their favourites.

When wordlist A doesn’t work, its often a case of just trying other ones.

@AMRANE said:

Hello, i am newbie (3rd boxes only)…
I am stuck after having got all the bunch of credentials in lowest port. I don’t know where to go with these p*p files and can’t find the login page too… thanks for any nudge i am on it since a lot of hours for an easy box :slight_smile:

Try reading the files you have and see if you can find them on the server.

Pffff, finally got user. Was not “easy” so far. :wink:

Can anyone help me with i am stuck after finding files in f*p. Didn’t get any login till now