trying to locate the infamous xml file. I’ve installed it locally, referred to various file listings for package installs, tried to use the L** vulnerability to get at the l*****.db file index. I’ve tried every combination of the paths listed on the landing page, and the ones listed in the service declaration file.
Nothing.
Any hints would be super helpful. I’m at a complete loss.
EDIT: Thanks for the nudges. Especially @kcaaj .
Many of you have probably put in the right path to that file. But think about the “source.”
Rooted, nothing on the box was guess work. Everything can be found by looking either at a copy of the service or google. I overlooked a really obvious thing when getting user and spent ages looking for what i already had.
Rooted! Looking back, it was an easy machine, but don’t make my mistakes or you’ll spend a lot of time becoming crazy.
For foothold, the best way is to recreate the box conditions locally. Use a common package manager instead of downloading files from the website. To own the user, don’t forget to check anything you find. I didn’t (I thought that it was a rabbit hole) and spent much more time than needed. Remember this is a box marked easy, so don’t overcomplicate. Checking owners will also be helpful not to miss the right file. Then getting the root flag will be easy if you google right yourself.
If you need help, feel free to PM me.
Oh, and last but not least: STOP RESETTING THIS MACHINE. IT WORKS PERFECTLY. AND ALSO STOP OVERWRITING FILES: THERE IS AN AWESOME INVENTION CALLED “APPENDING STRINGS”. USE IT.
it’s possible to get some hints for privilege escalation from UID:997 to UID: 1000 ?
After a few hours of research I have not yet noticed anything interesting … obviously … to my limited knowledge
Even in PM, like: “study this topic …”
Thanks
[EDIT]
Thanks to: 0ryuk0, oxybro, y4th0ts, sulcud for your support.
I am having issues with my user/root flags. They are saying incorrect for whatever reasons. Is anyone else experiencing similar issues? I think HTB has a flaw in their dynamic flag implementation or something.
@TazWake likes to remind peopel that HTB can’t fix the problem unless they know there is a problem. PUT IN A TROUBLE TICKET!
Initial foothold: a lot of time lost to identify the way, resolved using it locally. then a small wall for me using the wrong syntax (using single command without prompt)
User: enough fast to get. it’s a system migration, so…
root: nothing new to identify the way and abuse it
I successfully uploaded a war file via CLI but I get error 404 when I browse to it
What message do you receive after successfully uploading the war file? It should specify the path for you such as “OK - Deployed **************** [/bah]”
I am having issues with my user/root flags. They are saying incorrect for whatever reasons. Is anyone else experiencing similar issues? I think HTB has a flaw in their dynamic flag implementation or something.
@TazWake likes to remind peopel that HTB can’t fix the problem unless they know there is a problem. PUT IN A TROUBLE TICKET!
I’ve been trying for hours to upload a war file with curl, but all I get is a “401 - Unauthorized”. Is there another user apart from t****t that i need to find to get there or did I just messed up the commands?
I’ve been trying for hours to upload a war file with curl, but all I get is a “401 - Unauthorized”. Is there another user apart from t****t that i need to find to get there or did I just messed up the commands?
Probably the syntax of your command, you have the correct user to do the job as it has the manager-script role.
Rooted. It was a amusing box.
Foothold: The devil is in the details. If you can’t find something, try compiling the correct list of files.
User: Country roads, take me home
Root: You will see it right away.
PM for hints