Official Buff Discussion

Very Easy User in an Easy box finally

rooted. Very easy box :slight_smile: DM if you need help

Yah, user is super easy. Could have got it in less than 3 minutes.

@GordonFreeman said:

um, did anyone find the link at the bottom of the ad*** page goes to a site linked to malware?

Malware Link:
http://skymbu.info/ (don’t go to)

Not really, looks like a parked domain.

It seems that PoC for privesc is written in Python but Python is not installed on the host…
I feel like I’m looking at the right service based on box name and logo (as mentioned by @Caracal ) I wonder what I am missing.

@civility0 said:

It seems that PoC for privesc is written in Python but Python is not installed on the host…
I feel like I’m looking at the right service based on box name and logo (as mentioned by @Caracal ) I wonder what I am missing.

Maybe plxxk.exe

Rooted! Easiest box on HTB by far. Thanks to creator!

@civility0 said:

It seems that PoC for privesc is written in Python but Python is not installed on the host…
I feel like I’m looking at the right service based on box name and logo (as mentioned by @Caracal ) I wonder what I am missing.

It’s not because something is not installed on the machine that you necessarily need it.
You want to access something on the inside, but from the outside, what can you do?

Some basic Windows utilities can help you, or just find the right tool :wink:

Rooted! Great box, very easy.
Both user and root are really simple, although root can be a bit difficult to “set up”

Okay. This box is rooted. A very straightforward machine.
My hints:

For user: There is a big hole and it is available readily for the public.
For Administrator: Usual Enumeration and also there is a hole in it.

Simply, Google FU is all you need.

PM for cryptic nudges.

@sparkla said:

Apparently “whoami” is malicious :smiley:

PS C:\Users> whoami
whoami
At line:1 char:1
+ whoami
This script contains malicious content and has been blocked by your antivirus software.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : ScriptContainedMaliciousContent

hahaha lol :smiley:

Need a nudge for user. Tried to upload php reverse shell in /a***n but couldn’t. Also tried basic bypass in login but failed.

Spoiler Removed

Lots of creds, no progress (for root) - any nudges please

@coopertim13 said:

Lots of creds, no progress (for root) - any nudges please

Name of box. Look for interesting files.

@civility0 said:

It seems that PoC for privesc is written in Python but Python is not installed on the host…
I feel like I’m looking at the right service based on box name and logo (as mentioned by @Caracal ) I wonder what I am missing.

Maybe there is a way to run a python script without python being installed.

I think I know what my next step is, but I’m not sure how to do it. Google and YouTube were no help, but probably because I’m using the wrong search terms. I used script for GMSe, and got in. I’m not sure how to access n****t, and I don’t want to just use someone else’s work. If anyone could provide a link to a video or a site or just provide the Google terms I should be using, I would really appreciate a DM. Thank you!

Trying to figure out root. See the path and created what I need to but need to figure out how to carry it out. I’ve seen hints that point to tools but have had no luck. I also tried compiling the snake, bringing it over and running it but get an error. Any thoughts? A nudge would be super helpful

I tried for 2 days and still cannot find the way in… I have tried some tools, found an a**** folder, I see some error on that page and some error with a full path but after that I was stuck.

@GordonFreeman said:

um, did anyone find the link at the bottom of the ad*** page goes to a site linked to malware?

Malware Link:
http://skymbu.info/ (don’t go to)

I went to the link twice before realizing something sketchy was going on. How fucked am I?