Admirer

Ok i,m Stuck and need a push in right direction.

Currently trying to find the login page.

Type your comment> @cycloneripper said:

Ok i,m Stuck and need a push in right direction.

Currently trying to find the login page.

There are a ton of hints on this post regarding that question. You said you are trying to find something. How are you searching? What have you done?

This one…wow. So many credentials that don’t work anywhere!

I really enjoyed the early enumeration, because i felt I was on to something. Especially when I found that one of username/password combinations I had let me make t******s to the system. I thought then I could use that to access something on a port not available to the outside. “I’ve got it,” I thought.

Nope.

It then took me a long time to find where to actually get a foothold. Once I found that page and researched the vulnerability, I could see what needed to happen, but there were a few false-starts getting things properly configured locally. Once I had it working though, I knew exactly where to look. User was then quick.

With root, I saw quickly what I needed to do, and was familiar with the vulnerability, from another interpreter, I just got bogged down in trying to get a certain option to work instead of looking at what I’d already enumerated and trying some other things. @tofurky was a huge help to me at this point.

This was by far the most difficult system I’ve done so far.

Little nudge would be much appreciated. Been stuck after a successful login to the login page for a few days now. I can view a number of items successfully using the method you google, but not sure what has the juice.

All required hints have been given in the thread already.

User took a while to click but no tools are required and following the breadcrumbs eventually leads the way to user.

Root is easy if you know how the parts involved work. If not google it :slight_smile:

Nice box!

I hate this box, it ruined my weekend! I learned few things tho. I’m not even going to go into the ‘easy-not easy’ debate, I find it silly that HTB allows authors to rate the machines and then ask us our opinion. Let the people decide. The authors are not sufficiently detached to be objective. And I’m sure they influence the masses in their perception. Anyway:
User: all about tricks in the fuzzing, the hard part to get the fuzzing right. Others have said what needs to be done.
Root: the usual privesc scripts did not show the interesting parts for some reason! So do your enum manually as well. Once you see it, you know that’s the way.

Can someone nudge me somewhere. I’m still pretty new and i know what is “blocked” on r*****.**t and ive tried hitting it against dirbuster and nothing.

Rooted. DM for nudges

@brxanxs said:
Can someone nudge me somewhere. I’m still pretty new and i know what is “blocked” on r*****.**t and ive tried hitting it against dirbuster and nothing.

the word “blocked” is not mentioned in r*****.**t file, if we’re talking about the same file

Echoing other comments here, a really enjoyable box. Thank you to @polarbearer and @GibParadox for taking the time to create this box so we can learn new techniques, it’s very much appreciated.

The foothold drove me absolutely mad, but is actually simple if you’re fastidious and logical with your enumeration (as others have also said). I spent days banging my head on my desk, and then: ahhhhh, I see…

Enjoyable escalation to root.

Happy to hint if people are stuck.

Type your comment> @M4st3rM1nd said:

@brxanxs said:
Can someone nudge me somewhere. I’m still pretty new and i know what is “blocked” on r*****.**t and ive tried hitting it against dirbuster and nothing.

the word “blocked” is not mentioned in r*****.**t file, if we’re talking about the same file

Oh i got rooted after some googling into A****r
If what i just said is a spoiler just remove it

Super cool box, just rooted
PM for nudges

Foothold: Was really tricky, found it with help from some hints here. I have to get better at enumerating properly.

User: Really intresting, found a great article so it was not that tricky, but many steps.

Root: I went really fast from user->root, but it is a really great privesc i have seen before.
Google p***** e** privesc and you might find something intresting

Type your comment> @TazWake said:

@grai123 said:

Fair. Looking at the traffic is something I actually have not tried. I’ll check that out. I have spent a long time trying to configure this ■■■■ thing and I’m getting pretty frustrated.

It is understandable because this can be a frustrating step.

Have a look at the form and make sure you are telling it to go to where you want it to go and then make sure where you are telling it to go will let it in.

For some reason, now I am getting “Connection Refused” error. I pulled up wireshark and I can see the SYN and RST/ACK packets, so it confirms the connection refused. I do not know why though. I used the correct credentials (the ones I set) and accessing the correct DB. I also checked firewall, and it allows all 3306 traffic (no restrictions). The service is running and I didn’t see anything helpful in the mysql error logs.

Finally rooted, I found user considerably harder than root on this one mostly because the box throws a lot at you after some initial enumeration and I ended up going down many rabbit holes.

The path to root was clear after that, I knew what to do however I spent some time figuring out HOW to do it because I wasn’t very familiar with the language used.

PM for nudges!

Great priv esc! I have been using P***** for years and it never even crossed my mind that it could be used for that.

I didn’t find the foothold too bad, although I can see how you might if you don’t get the first step early on. Spent most of the time on user getting M**** to accept remote connections as I have always used it locally, but it was pretty straight forward after that.

I like to think I’m improving but it may have just been luck :slight_smile:

I am having an issue while getting root access
setted up everything but struggling with the P*PATH ( typing echo $PPATH gives me the path that typed yet when i try to execute the code it doesn’t work
can someone give me a hand with the path thing :confused:
edit: well i guess i fixed the PATH, tried to execute the file from any folder and it works
BUT nothing happens when it comes to MR RIGHT FILE ( when pressing 6 )
edit1: ROOTED !!! the problem was my path as expected digged a bit on it xD

I absolutely LOVED this box.

Anyone got some good recommendations for a wordlist for content discovery?

@benjamin2000 said:

Anyone got some good recommendations for a wordlist for content discovery?

Big.