Travel

Is there anyone else here who spent days just trying to find something? I’ve used multiple directory scanning tools that come up with nothing.

Finally Rooted!
Thanks to everyone that gave me hints
That was the hardest box that I’ve done so far.

PM me for nudge.

Rooted.

I think that was the best box I’ve ever played on HTB. Both user and root seriously challenged my creativity. I learned SO much, thank you guys for making this. Incredible.

This one was insane!
I would have never done this without help!

User : Once you find that SF think what can you request, do not point to yourself.
Once you got it, Google "SF m******e php"
Root : user permission, query and groups

If anyone could offer some sanity checking for my foothold method it would be appreciated.

I have a pretty good idea of what I want to do with m******** and I can see my results in d*******p but I’m not getting anything to happen with my payload, it just gets re-overwritten.

Edit: Thanks straylight

I have got these 2 files r**_********.php ********.php, need help in command injection

Spoiler Removed

Can anyone help with m********d part?

Rooted. Whew. That was a hard box. The initial foothold was the trickiest, and I admit I needed some great nudges from @TazWake @gunroot and @Roinard. Thanks to all of you, much respect will be coming. Once I had that it was a matter of chugging through the steps.

I don’t have anything to add to what has already been posted here.

That was a total beast and thanks to the folks that stayed with me through that one. For some reason this gave me the most problems of all the boxes I’ve done and I’d like to understand why. I’m interested in the mindset and approach taken for that initial foothold. Please DM if you have a write up and would be willing to share so I don’t have to wait for the machine to retire - it’s really bugging me. I’ve rooted and can provide evidence so you know I’m not looking for spoilers and cheating.

Most difficult box I’ve completed; definitely needed some help along the way.
If you need a push, let me know.

Very tough to get foothold, had to come back many times with a fresh head and re-think.
PE is fantastic, read and learned a lot on the way. Something I heard about but never actually did.
I would rate the user flag as insane, at least it felt sometimes that I would go in that direction ;=)

@dieterh said:

Very tough to get foothold, had to come back many times with a fresh head and re-think.
PE is fantastic, read and learned a lot on the way. Something I heard about but never actually did.
I would rate the user flag as insane, at least it felt sometimes that I would go in that direction ;=)

I agree.

Privesc was enjoyable but much more straightforward than user. Getting that initial foothold is super hard work.

Spoiler Removed

Wow, what a trip. Took me a few days but I LOVE boxes like this. Custom exploitation, poring through source code, reading pages of documentation. This is why we do it.
Thank you @xct and @jkr, great box. Probably going to clean up my disgusting travel directory, update my notes, and digest all of that.

Also @applepyguy, thanks for putting up with me and helping me through it.

@lebutter said:

Am I the only one who is trying to get a replica of the blog setup locally? The Simplepie stuff is NOT working in my case and I have no idea why… I’m feeding it the original same file, it’s pretty much 100% same code as from the server… yet it doesn’t display the travels.

You may look up the error. A simple Google search quickly revealed for me what I was missing.

Hint: It was not directly related to Simplepie but m*******e - missing as a module. You also find hints to it in the “main” source file.

Good luck :)

Thanks… but I’m not using m****, I’m basically running the simplest version of it, I’ve got it down to pretty much the same as what they show on tutos… yet, it doesn’t query that feed file and doesn’t return anything. No error either. So far I’ve basically spent most of my time trying to create a freaking one page wordpress blog, this is driving me nuts.

Finally got it. I never managed to get my replica of the bl** working but that wasn’t completely necessary. This server was insane for me.

The foothold is definitely the hardest. Many times I thought I was going too much down a rabbit hole and thought myself thinking “this is too convoluted”, when buried into source code to my neck… which for me is tricky as I’m not a developer. I struggle to follow code in big code bases.

User and root are easier although not that straightforward as it relies on a service I hate.

Rooted it! The foothold was very, very hard, but very, very enjoyable! Thanks @xct and @jkr for this awesome box! Also thanks @Roinard and @anoNym1ty for the nudges!
If you need a small nudge, feel free to send me a PM!

Is anyone doing this box?