Travel

@AzAxIaL said:

Would someone be so kind as to help me with the foothold? I’ve scanned all the sites, tried to look for files to download and found nothing. It’s probably obvious to others, but I have exhausted all I know.

Fuzz around a bit. I know it sucks but “try harder” when it comes to looking for files to download.

Could use a nudge for foothold → user. Feeling insane since people are saying it’s “simple enumeration” compared to the last part.

Found the second credential in b*****---****.**l, cracked it, no idea where to use it.

Edit: I was missing something fairly obvious. Thanks @TazWake for clearing it up :slight_smile:

Thanks

@imkilgor said:

Could use a nudge for foothold → user. Feeling insane since people are saying it’s “simple enumeration” compared to the last part.

Found the second credential in b*****---****.**l, cracked it, no idea where to use it.

Thanks

Have a look at what ports are open which are commonly used to allow people to log into systems.

@TazWake said:
Have a look at what ports are open which are commonly used to allow people to log into systems.

But it’s pubkey only?

@imkilgor said:

@TazWake said:
Have a look at what ports are open which are commonly used to allow people to log into systems.

But it’s pubkey only?

How sure of that are you? If you have the username and password, you need to double-check that.

Man this box is INSANE! I have been trying for I do not know how long and finally have user now lol

This is a really fun box. The bread crumbs are there all the way through. It does help to write some code that you can run locally for the foothold to understand whats actually happening. I’m a newb with the last bit of technology and thanks to @TazWake for a few nudges realized you need to make more than one change to get up.

Extremely well designed. Thanks @xct and @jkr for building the fun.

finally rooted - initial foothold was insane, root was straight forward

root@4f631f9bc86b:/# id&&date
uid=0(root) gid=0(root) groups=0(root)
Sat Aug 22 03:35:55 UTC 2020

Finally rooted ! Thank to everyone that gave me hints

I have spent over a week trying to get my foothold payload to work. Could someone please help me get it working?

Edit. Nvm, forgot to read a certain file.

Finally rooted the machine, this machine is tough and requires a lot of digging around.
Thanks @TazWake for all the nudges
Initial Fotthold: Look at other websites and think what a developer uses while developing software.
Users: what other OPTtions do you have.
Root: The first thing that seems out of place is the way to get root.

PM if you need help

root@travel:~# id
uid=0(root) gid=0(root) groups=0(root)

Finally the journey ended with this box.

Thanks @TazWake and @blacViking for the hints on the insanely hard foothold.

Nothing to add after all has been said here.

Finally rooted.

This was by far the most challenging box I have ever worked on. I hit roadblocks at pretty much every step. The much appreciated help from HTB members was the only way I could make any kind of progress on this box.

Big thanks to @blackmilk, @babywyrm, @Nikhil, and @za10bx for their help getting me through this crazy box.

Big props to @xct and @jkr for an impressive box, filled with new learning opportunities.

Right, onto the hints (Let me know if any of the hints are considered to be spoilers and I’ll edit them accordingly).

FOOTHOLD

  • Initial scans will reveal more places.
  • Scan EVERY place, regardless of protocol.
  • A resource online can provide the means and tools to get what you need.
  • READ EVERYTHING (This is where I failed).
  • I could sure go for a drink right about now.
  • Bypass and create what you need.

USER

  • Old stuff can really be helpful.
  • Names are important.

ROOT

  • Stay at home for all your comfort needs.
  • With great power comes a chance to be irresponsible with others.
  • Give someone a gift you’d like to receive yourself.

DM me here or on Discord for more concrete hints.

Can I get a nudge for foothold? Tried enum and scans and i’m stuck on **og site.

@MisterM said:

Can I get a nudge for foothold? Tried enum and scans and i’m stuck on **og site.

You wont like this but you need to enum more. This is one of the harder boxes to get an initial foothold on.

First off I’d pay close attention to things like TLS certificates and then I’d look at ways to fuzz for potentially hidden files or folders.

Hey guys, I am a starter here, and I was stuck in the beginning.I need some help here.
When I trying to go to b***.t*****.h**, it shows SERVER NOT FOUND. Wanna know what should I do first to make sure that I can get into the website?
Should I change my DNS server or something else?

@Fre4k5en said:

Hey guys, I am a starter here, and I was stuck in the beginning.I need some help here.
When I trying to go to b***.t*****.h**, it shows SERVER NOT FOUND. Wanna know what should I do first to make sure that I can get into the website?
Should I change my DNS server or something else?

Well, you probably need to update your /etc/hosts file to reflect the domain name you want to map to the IP address

@Fre4k5en said:

Hey guys, I am a starter here, and I was stuck in the beginning.I need some help here.
When I trying to go to b***.t*****.h**, it shows SERVER NOT FOUND. Wanna know what should I do first to make sure that I can get into the website?
Should I change my DNS server or something else?

Well, you probably need to update your /etc/hosts file to reflect the domain name you want to map to the IP address

@Fre4k5en said:

Hey guys, I am a starter here, and I was stuck in the beginning.I need some help here.
When I trying to go to b***.t*****.h**, it shows SERVER NOT FOUND. Wanna know what should I do first to make sure that I can get into the website?
Should I change my DNS server or something else?

Well, you probably need to update your /etc/hosts file to reflect the domain name you want to map to the IP address

Need Nudge for the initial foothold.
Found the Vuln , But getting Block. I am in the last step maybe.