Admirer

Anyone care to help with the last step (hopefully…) to user - I found the page and try to get it to connect to my db, but I’m probably doing something wrong with the setup.

@trevorphillips said:

Anyone care to help with the last step (hopefully…) to user - I found the page and try to get it to connect to my db, but I’m probably doing something wrong with the setup.

What did u do to config?

Crazy box… Makes you wanna break ur head but ull learn a lot… Thanks to @dinosn for the tips… Feel free to ping me for nudges

Waouw what a pain!!!
Finally rooted after days on it.
Probably the hardest box I have done.

I think the difficulty is that avoiding rabbit holes and detecting every little detail comes with a lot of experience.
That is the hardest part to learn in pentesting, not a special technique that you can learn but lots of practice that makes you “feel” the right spot.

Anyway it makes me learn a lot of things on myself and probably increases my skills.
Thanks @polarbearer and @GibParadox for the box.

Feel free to PM for nudge.

Error in query (2000): open_basedir restriction in effect. Unable to open file

I am using that rogue guy as local server, but I am always getting this message, is that normal?

Edit: just rooted
Such a great Box. (:

@rnshkkj said:

Error in query (2000): open_basedir restriction in effect. Unable to open file

I am using that rogue guy as local server, but I am always getting this message, is that normal?

Hi, other people gave the answer on the forum.
So, maybe you have this message cause you are trying to open a file that you don’t have reading rights for :wink:

Is it necessary to do a reverse shell from the snake, or is there a way to spawn a shell directly from within sh****.p*?

Hello guys. For foothold, how to figure out what file to read after the exploitation? Is it something that I had to know from the enumeration? Or something else? Thank you!

Just popped root :). Wow! What a fun box!! Outstanding work to the creators!!

User: I use ffuf for dir fuzzing, for this box you definitely want to look over all the options of ‘-h’ and look for other ones that might be useful when brute forcing.

Root: This took me longer than it should have, read the man pages for sudo and python and also pay attention to what permissions you’re allowed.

Hey guys, stuck after f** login. Could anyone please pm me some nudges? Thank you

@roman1 said:
Hey guys, stuck after f** login. Could anyone please pm me some nudges? Thank you

Extract and compare to live

I have mixed feelings about this box. Getting a foothold was painful but at the same time introduced me to some new fuzzing tools and some very helpful nudges. To get the user, it is possible to join the dots through the various files that are discovered during enumeration but only if you are aware that the admin tool that everybody probably knows is being superseded by the one used on this box. Getting the user after that was common sense if you remember that what appears to be used for access to one part can also be used to access another which seems to be quite common across a lot of the HTB boxes.
My favourite bit undoubtedly has been the escalation to root. The sense of satisfaction of getting root was amazing. I thought I knew straight away how to get there until I realised that the permissions had been set in such a way that it wouldn’t be possible. Thanks to google and a couple of very good articles, I have a better understanding of the paths the snake takes and how you can make it go down paths that you want it to. The elevator can help with a key to ensure that things stay as needed so your exploit calls home. I wouldn’t say this was an easy box but does teach that as you gather each piece of information you need to enumerate everything again as additional bits can appear from one step to the next.
Thank you @TazWake and @killerhold for the nudges very much appreciated.

I just got a user.
It was not so easy.
I think this box should have a medium rating.
Hint for user: if you’re not comfortable with MySQL, you can read this article:
https://www.hackingarticles.in/penetration-testing-on-mysql-port-3306/
Hope this is not a spoiler

Now for root…

And root !!!
To my surprise root was not difficult, maybe because I already dealt with something similar.
Hint for root:
Think how to trick a snake in a library.

PM me if you need help.

Finally got root. I clearly missed something important in the beginning and I’m not sure why I overlooked it for hours on end. Weird.
Many thanks for the ones who gave me a push in the right direction.

And, of course, thanks to the creators of this box.
(Not sure if I would rate it easy though, but enough said about that)

That was painful. Thanks to @roumy and @ixxelles for hints.

PM me if stuck.

I could use a gentle nudge :slight_smile: I have fuzzed my way to a credentials.txt but I can’t wrap my head around how to get it so I can read in it. I have also dirb***** a lot but couldn’t find the login page. Any advice is welcome

Could use a hint with the foothold here. Can’t seem to find this login page. I think I have most of the other pieces.

edit: rooted.

def takes a lot of patience to properly enumerate everything, can’t rush through it for user part.
Root I needed to get some hints but overall not too crazy.

DM me for help.

Which wordlists do you guys use?

@CI9HER said:

Which wordlists do you guys use?

There are many wordlists available as BIGbang.