Admirer

@sparrow1 said:

I didn’t mention that it is file leaking exploit, probably the rogue one to be used here. I just have problem that server is responding with malformed packet and not returning data. @xkcm seems to have the same problem.

I might be massively missing something because I dont know what the rogue tool is, but the bit you are talking about can be manually exploited.

I am not getting a foothold here. I found r*****.**t file but i am not able to figure out what to do next

EDIT: I tried to fuzz that directory but none of the wordlist seems to work.

how are you people getting to the login page?

Type your comment> @IAMAK said:

I am not getting a foothold here. I found r*****.**t file but i am not able to figure out what to do next

EDIT: I tried to fuzz that directory but none of the wordlist seems to work.

Think it was hinted on one of the pages, so instead of using one wordlist why not combine them…

Type your comment> @TazWake said:

@sparrow1 said:

I didn’t mention that it is file leaking exploit, probably the rogue one to be used here. I just have problem that server is responding with malformed packet and not returning data. @xkcm seems to have the same problem.

I might be massively missing something because I dont know what the rogue tool is, but the bit you are talking about can be manually exploited.

Thanks. Indeed it can. Also my error was caused by getting file beyond my reach. Exploit works for nearby files.

Rooted! This is the first box I’ve had where user is way harder than the root. People having login problems should check their plugin values for the software they’re using. Feel free to PM me for nudges!

Type your comment> @in3vitab13 said:

how are you people getting to the login page?

The way is already in plain sight just google it…and remember don’t over complicated things!

Finally Rooted after getting headache for days
Foothold is very new for me and hard too.

great one! Finally rooted with some help from T13nn3s
If someone needs a nudge feel free to ask me (discord: nospa#4906)

rooted this one at least. this box was fun and I learned a few cool things on the way.

thanks to the creators of this box, well played!

If you need nudge, feel free to PM

Good afternoon.

Cost but I got User and Root on this blessed machine.

if I look at it in retrospect … everything is achieved in 20/30 minutes … it is an excessively easy machine … of course I already have it resolved and look back …

Tips…

Enumeration, Enumeration … wFuzz and use different lists, if you can’t find anything … try again …

Login: It is hidden, but it is not difficult to find, start with the basics, and continue with the basics … it does not require more than the basics … and its exploitation is simple but you should read … google is your friend …

User: List, and look for the basics … everything is just you have to look carefully …

Root: This caught me off guard, the method I did not know but it is simple and effective … if you listed well, you will find an interesting file … do not be afraid of SNAKE …

I’m just a newbie and it took me 4 days … and just because I didn’t follow my own advice …

So… many… creds…

Rooted! Really cool and kind of a steep learning curve on the enumeration side of the job. Always when I’m finishing a box and feeling satisfied about my enumeration skills growing the next box even messes my head up more. But for the good side of things!

A bunch of useful nudges have been giving already over here. Here is my sum-up:

Foothold: use biggie and if you find something useful, use it again on what you found. Repeat it to the bone!

User: Knowing basic SQL and google to find the right thing to do the job with should do it. It’s useful to know how to set up a database locally, grant permissions to users and allow data to load in

Root: I used veggies and the snake to get the job done. Look carefully where you are able to do things! I got stuck a while on that one…

PM if you want to discuss your own situation. Please mention the box’ name and what you did so far since I get many PM’s lately about the boxes I owned. “Pls help can’t get in” doesnt do it for me…

Thanks to the creators of this box for the pain in the a** and the stuff I learned today!

Oh yeah, I don’t know if I can but I would like to fill a ban request for user @atsika who published a public write-up on this box. You’re screwing up the fun of learning hacking for us who are here to actually gain skills instead of points.

@manderait said:

Oh yeah, I don’t know if I can but I would like to fill a ban request for user @atsika who published a public write-up on this box. You’re screwing up the fun of learning hacking for us who are here to actually gain skills instead of points.

The only way I know of to report things is via Jira (Jira Service Management)

While it is clearly a violation of the HTB Ts&Cs, and I haven’t seen the write up in question. the reality is people find things like this if they are googling for HTB specific terms rather than researching exploits or vulnerabilities. For me, the user is screwing things up for people who want to follow a write up rather than gain skills.

Need some help logging into the A*****r page. I have the db set up on my machine but cant login from the portal. It says “Access denied for user ‘root’@‘localhost’”

@LMAY75 said:

Need some help logging into the A*****r page. I have the db set up on my machine but cant login from the portal. It says “Access denied for user ‘root’@‘localhost’”

There are some specific configuration steps which are required to allow remote connections.

I set up an mysql database on my machine and it still doesn’t want to connect and login…

Type your comment> @Gentooman said:

I set up an mysql database on my machine and it still doesn’t want to connect and login…

maybe something is blocking it and you need to open the door to allow it inside…

Type your comment> @acidbat said:

Type your comment> @Gentooman said:

I set up an mysql database on my machine and it still doesn’t want to connect and login…

maybe something is blocking it and you need to open the door to allow it inside…

I already allowed EVERYTHING on my TUN0 adapter and it just won’t connect…