Hint for TartarSauce!

Spoiler Removed - Arrexel

Hint for anyone that is stuck on upload:
you should look for something else than that :wink:

Any hint on the username?

Even the upload for the plugins doesn't work… also I have edited the 404page… but nothing is using the 404page… even when I try id=blogX or id-filemanagerX, the 404page still doesn't come up… it just says “Aw snap…etc”… am I still missing something?.. thanks in advance…

hi firefart…just think of being a lazy person who is installing monstra…

or it can be found on the files that are viewable…

I tried all possible options on the website, and nothing seems to work…

Is it something else? Should I do a comprehensive nmap for all ports?

You can PM if it contains spoilers…

@bugzy said:
:smiley: when Monstra CMS RCE PoC uploaded 23 hr ago
https://www.exploit-db.com/exploits/44621/

Yeah, I wrote this exploit after downloading Monstra and fuzzing it, but the code doesn't work on this machine because they block every interaction with the DB.

@jameel said:

@bugzy said:
:smiley: when Monstra CMS RCE PoC uploaded 23 hr ago
https://www.exploit-db.com/exploits/44621/

Yeah, I wrote this exploit after downloading Monstra and fuzzing it, but the code doesn't work on this machine because they block every interaction with the DB.

l33t, just enumerate a little more

For those who both restart they do not have to restart the box if they have not left anything open

I like good machines and I always try to get as far as I can on my own. Found the easy login and the only page you are able to change, but no way to call that page to test. I guess I have to enumerate more…

@mrdogma said:
hi firefart…just think of being a lazy person who is installing monstra…

I don’t need the user for monstra, I need it for the other application :slight_smile:

@ZaYoOoD said:
I tried all possible options on the website, and nothing seems to work…

Is it something else? Should I do a comprehensive nmap for all ports?

You can PM if it contains spoilers…

Spoiler Removed - Arrexel

@firefart said:

@mrdogma said:
hi firefart…just think of being a lazy person who is installing monstra…

I don’t need the user for monstra, I need it for the other application :slight_smile:

you may not need it there either.

Rooted the box. I recommend everyone not to use Dirbuster. Usually this kind of machine takes me around 30 minutes to root; however, it took me more than 2 days along with asking others. I even wrote a zero day exploit and published it yesterday for the rabbit hole. I'm really serious: I wrote a zero day and tested it locally and it worked, but it did not work on the machine. Then I realized I should never ever use Dirbuster anymore.

Here's my zero day exploit, but it won't work on the machine:
https://www.exploit-db.com/exploits/44621/

The best hint I could give for those who are still stuck on this machine is: keep it simple and never use Dirbuster.

Regards

Very nice box, was a good time. Thanks to the guy who validated my theory of priv esc. Stumbled on root but took today to understand it and write two scripts to simplify it.

@jameel said:
Rooted the box. I recommend everyone not to use Dirbuster. Usually this kind of machine takes me around 30 minutes to root; however, it took me more than 2 days along with asking others. I even wrote a zero day exploit and published it yesterday for the rabbit hole. I'm really serious: I wrote a zero day and tested it locally and it worked, but it did not work on the machine. Then I realized I should never ever use Dirbuster anymore.

Here's my zero day exploit, but it won't work on the machine:
https://www.exploit-db.com/exploits/44621/

The best hint I could give for those who are still stuck on this machine is: keep it simple and never use Dirbuster.

Regards

I love you! :relaxed:

The best hint is: if the key fits but does not open the lock, then it is the wrong key. Move along, nothing to see here. And in the famous words of OSCP: try harder and enumerate harder.

Finally got user

It's most amusing when they are giving each other ‘retartar’ advice…

But in all seriousness. I’ve been surprised by the amount of salt thrown at @ihack4falafel and myself.

The box is intended to be a TryHarder style lesson in the following…

  1. Do full enum process of everything first.
  2. Don’t dive right into the first thing you see.
  3. Check for false positives and false negatives.
  4. In real-world pentesting (the whole point of practicing in HTB?) not everything is useful.
  5. Don’t be a ‘retartar’… :astonished: