Rooted:
root@quick:~# hostname && id
quick
uid=0(root) gid=0(root) groups=0(root)
Thanks @MrR3boot that was a nice learning experience!!!
Feel free to drop me a message if you need help.
You need to do two tasks for each step. I try to give you some hints although it is really hard to give hints without spoiling the box.
Edit or delete the comment if it spoils the box.
Initial foothold:
Nmap supports different protocols for scanning. You can find some port numbers which work on different protocols. Find it and google for the appropriate tool.
Pick your smartphone up and look at your gmail inbox, you haven’t received all emails from gmail users, right?
User1:
Always know what you request and what you get in return. Burpsuite is always your friend.
User2:
Oh ■■■■! It’s really amazing, just read, and think out of the box. If you are not good at programming, hmmmm it’s ok, you can find another way to get into the page. Just think out of the box.
If you are not good at PHP, hmmm you would be in pain
Root:
There is nothing to say, just stay at home and read everything you see.
Why won’t HTB let me reply to more than two inbox messages?
@CRYP70 They have a protection in place that won’t let you send a certain number of messages within a certain time frame (30 seconds, I think).
I’m user 1 and found the p****** files, but I don’t understand how to access the pages. Do I need to set this thing up myself?
I struggled hard with this box but in reply to all the messages here’s my two cents of hints:
if ('spoiler' == true) {
    remove_post();
}
Peace everyone, hope y’all had a good weekend!
Feel like I am missing something easy and could use a nudge. I have the first password and I feel like I’m just sitting here playing guess the email. What am I missing? I have tried generating a bunch of potential things based on clues in other pages.
@user29 said:
Feel like I am missing something easy and could use a nudge. I have the first password and I feel like I’m just sitting here playing guess the email. What am I missing? I have tried generating a bunch of potential things based on clues in other pages.
It is a bit of “guess the email” but this is pretty much the crux of enumeration. There is enough information available on the various bits you have access to, so that you can “guess” the email you need.
However, it might be better to use the information to create a wordlist then try a password spray attack.
Rooted!!
Great box!
I have access to the login creds and t******.php, but I need help with my payload. I can get commands to execute (from what I can tell), but I can’t get anything useful to run successfully.
Edit: nvm I figured it out.
Feel like I am missing something easy and could use a nudge. I have the first password and I feel like I’m just sitting here playing guess the email. What am I missing? I have tried generating a bunch of potential things based on clues in other pages.
It is a bit of “guess the email” but this is pretty much the crux of enumeration. There is enough information available on the various bits you have access to, so that you can “guess” the email you need.
However, it might be better to use the information to create a wordlist then try a password spray attack.
I’m still stuck guessing a valid username after taking these steps. I tried a lot of combinations. Any more hints?
@chonmayo said:
I’m still stuck guessing a valid username after taking these steps. I tried a lot of combinations. Any more hints?
Sadly, I can’t think of any way to say more without it getting removed as a spoiler.
All I can say is you probably need to try more combinations. The information is on the site.
Finally rooted. This was quite a ride for me, but I’m happy I stuck with it. Here are my hints:
Foothold: The latest tech will save you.
User 1: If you can’t do it in one step, do it in three steps.
User 2: Writing can be so much more fun than reading.
Root: Once you find it, just try it out! Do NOT overcomplicate this last step or you’ll find yourself in a world of pain.
PM for nuggets.
Whew, user finally pwned… so many new techniques and ways to try harder.
Awesome box so far! On to root…
edit: User2 pwned, awesome privesc method
edit: rooted!
Finally got user flag! The foothold was quite frustrating!
I’m trying to spawn the reverse shell but I’m stuck! A nudge would be very welcome.
Now I am trying to decrypt a hash, the password doesn’t seem to be in rock***.
Edit: Rooted PM me for nudges
@chonmayo said:
Feel like I am missing something easy and could use a nudge. I have the first password and I feel like I’m just sitting here playing guess the email. What am I missing? I have tried generating a bunch of potential things based on clues in other pages.
It is a bit of “guess the email” but this is pretty much the crux of enumeration. There is enough information available on the various bits you have access to, so that you can “guess” the email you need.
However, it might be better to use the information to create a wordlist then try a password spray attack.
I’m still stuck guessing a valid username after taking these steps. I tried a lot of combinations. Any more hints?
I had to try about 20k combinations before getting it, for what it’s worth.
Would someone mind taking a look at my e-mail creating script and help point me to what I’m doing wrong?
EDIT: Got it, thanks to the nudge from @jhnhnck. On to user!
Anyone got any tips for root? I am just absolutely clueless as for what to do here, which is weird because according to everyone else this is the easiest part…
Okay, my tip is KISS.