Admirer

Type your comment> @Enyone said:

could be easily one of my favorite boxes… found it to be very straightforward and very much to learn. thank you so much :smiley:

@grai123 said:
Running into a similar error that most people are running into. Spent several hours trying to troubleshoot (firewall fixed, ensure service is running, bind-address is correct, user and privileges are good, fixed packet size and timeout in config file), and I feel that I’m out of options. I’m not an expert on sql, but I’m not a newb either, so I have no idea why it isn’t connecting properly.

Would appreciate some help. Thanks!

have you made sure the user is the “correct” user? i learned that “user”@“localhost” is not equal to “user”@“whatever.com”. that solved that problem for me

Yes I did that

@Shad0wQu35t said:
Type your comment> @grai123 said:

Running into a similar error that most people are running into. Spent several hours trying to troubleshoot (firewall fixed, ensure service is running, bind-address is correct, user and privileges are good, fixed packet size and timeout in config file), and I feel that I’m out of options. I’m not an expert on sql, but I’m not a newb either, so I have no idea why it isn’t connecting properly.

Would appreciate some help. Thanks!

Host 'xxx.xx.xxx.xxx' is not allowed to connect to this MySQL server - Stack Overflow

Try this bro :wink:

Tried something similar. I tried it again and added another user. I got connection refused afterwards. Double checked firewall and restarted service. Now I’m getting connection timed out error.

I’m not trying to become a db admin, but it seems like I need to in order to get the dbms to connect to my db.

Anyone able to walk the dog with me on the db configuration and let me know what exactly I’m doing wrong?

@grai123 said:
I’m not trying to become a db admin, but it seems like I need to in order to get the dbms to connect to my db.

Have you used wireshark to make sure the packets are reaching your system?

Type your comment> @m4lwhere said:

@grai123 said:
I’m not trying to become a db admin, but it seems like I need to in order to get the dbms to connect to my db.

Have you used wireshark to make sure the packets are reaching your system?

Fair. Looking at the traffic is something I actually have not tried. I’ll check that out. I have spent a long time trying to configure this ■■■■ thing and I’m getting pretty frustrated.

@grai123 said:

Fair. Looking at the traffic is something I actually have not tried. I’ll check that out. I have spent a long time trying to configure this ■■■■ thing and I’m getting pretty frustrated.

It is understandable because this can be a frustrating step.

Have a look at the form and make sure you are telling it to go to where you want it to go and then make sure where you are telling it to go will let it in.

Can someone pm me hint what file do i need to read, i inspected all the files from F** found login page, logged in and can read local file. Just cant for the life of me figure out which one i need to read, since i am locked in the current directory of the script.

Thanks!

@ntroot said:

Can someone pm me hint what file do i need to read, i inspected all the files from F** found login page, logged in and can read local file. Just cant for the life of me figure out which one i need to read, since i am locked in the current directory of the script.

Thanks!

Choose one that you already got elsewhere, but that “lied” to you :wink:

anyone else getting the error “Error in query (2000): open_basedir restriction in effect. Unable to open file” ?

Please remvove if considered as spoiler

Type your comment> @moern said:

anyone else getting the error “Error in query (2000): open_basedir restriction in effect. Unable to open file” ?

Please remvove if considered as spoiler

as always when I asks for help, I solves it the next min…

I have a “connection refused” message in a*****. ***. It is my first machine, can someone give me a push?

I’ve gotten in via ftp and grabbed all the files. I know the passwords are ■■■■. I’ve done a ton of reading and I think I have the exploit, but I can’t get a connection from A****** to any remote m***l server. Is this right?

Type your comment> @chaoskreator said:

I’ve gotten in via ftp and grabbed all the files. I know the passwords are ■■■■. I’ve done a ton of reading and I think I have the exploit, but I can’t get a connection from A****** to any remote m***l server. Is this right?

Set it up

I’ve tried 3 different servers setup for remote connections, and I just get connection timed out or “php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolution”. Does the connection have to be within the HTB vpn (eg, my vmware instance)?

FINALLY! r00ted :slight_smile:

PM for nuggets

rooted! If anyone need help just DM
También en español :wink:

Root it :blush: thanks for @ka1z3n for help

Admirer done. Really enjoyed this. A good logical path through to user with some rabbit holes along the way for good measure. Root was easier and good example of a technique I was aware of, but have never done before. Thanks to @GibParadox & @polarbearer
As others have said read everything and try to understand what it is telling you. Learnt how to better use tools I knew and some I didn’t.
Happy to provide nudges. Feel free to PM.

Finally rooted this machine
Thanks @mervan and @hughesdg for the final nudge
It was fun and a logical machine foothold was frustrating but once you understand, it becomes easy

Foothold:look at what robots have to say. Go to the place they point and enumerate and enumerate till you reach the gate,

User : Read the file which you visited at the very beginning and that has the necessary thing, use that to get inside the machine

Root : Past is the answer to your problem.

PM if you need help

Why does it keep saying my root and user hashes are incorrect :frowning: