Travel

root@4f631f9bc86b:/# id&&date
uid=0(root) gid=0(root) groups=0(root)
Sat Aug 22 03:35:55 UTC 2020

Finally rooted! Thanks to everyone that gave me hints

I have spent over a week trying to get my foothold payload to work. Could someone please help me get it working?

Edit. Nvm, forgot to read a certain file.

Finally rooted the machine, this machine is tough and requires a lot of digging around.
Thanks @TazWake for all the nudges
Initial Foothold: Look at other websites and think what a developer uses while developing software.
Users: what other OPTtions do you have.
Root: The first thing that seems out of place is the way to get root.

PM if you need help

root@travel:~# id
uid=0(root) gid=0(root) groups=0(root)

Finally the journey ended with this box.

Thanks @TazWake and @blacViking for the hints on the insanely hard foothold.

Nothing to add after all has been said here.

Finally rooted.

This was by far the most challenging box I have ever worked on. I hit roadblocks at pretty much every step. The much appreciated help from HTB members was the only way I could make any kind of progress on this box.

Big thanks to @blackmilk, @babywyrm, @Nikhil, and @za10bx for their help getting me through this crazy box.

Big props to @xct and @jkr for an impressive box, filled with new learning opportunities.

Right, onto the hints (Let me know if any of the hints are considered to be spoilers and I’ll edit them accordingly).

FOOTHOLD

  • Initial scans will reveal more places.
  • Scan EVERY place, regardless of protocol.
  • A resource online can provide the means and tools to get what you need.
  • READ EVERYTHING (This is where I failed).
  • I could sure go for a drink right about now.
  • Bypass and create what you need.

USER

  • Old stuff can really be helpful.
  • Names are important.

ROOT

  • Stay at home for all your comfort needs.
  • With great power comes a chance to be irresponsible with others.
  • Give someone a gift you’d like to receive yourself.

DM me here or on Discord for more concrete hints.

Can I get a nudge for foothold? Tried enum and scans and I’m stuck on **og site.

@MisterM said:

Can I get a nudge for foothold? Tried enum and scans and I’m stuck on **og site.

You won’t like this but you need to enum more. This is one of the harder boxes to get an initial foothold on.

First off I’d pay close attention to things like TLS certificates and then I’d look at ways to fuzz for potentially hidden files or folders.

Hey guys, I am a starter here, and I was stuck in the beginning. I need some help here.
When I try to go to b***.t*****.h**, it shows SERVER NOT FOUND. Wanna know what should I do first to make sure that I can get into the website?
Should I change my DNS server or something else?

@Fre4k5en said:

Hey guys, I am a starter here, and I was stuck in the beginning. I need some help here.
When I try to go to b***.t*****.h**, it shows SERVER NOT FOUND. Wanna know what should I do first to make sure that I can get into the website?
Should I change my DNS server or something else?

Well, you probably need to update your /etc/hosts file to reflect the domain name you want to map to the IP address

Need Nudge for the initial foothold.
Found the vuln, but getting blocked. I am in the last step maybe.

Finally rooted and what a ride.

This was by far the most challenging box I have encountered to date and I learnt something at every step of the way after hitting numerous roadblocks that continually reinforce the importance of enumeration and READ EVERYTHING.

Huge thanks to @spoppi, @flipthecoin and @AzAxIaL for the nudges along the way.

Kudos to @xct and @jkr for a challenging box, filled with a LOT of learning opportunities.

DM me here or on Discord explaining the problem and what you have tried in as much detail as possible.

reading everything in bg…!!! can’t find the hint!!
can anyone help me!!! how to travel… where to travel from b******g

google helping to show super exploit and wp !!!

It’s a shame this box is retiring this weekend - it was definitely one of the harder of the hard boxes but still an enjoyable challenge.

It has only been a couple of weeks since we had the last new hard box as well!

so sad… yesterday only started hunting this box.!!!

Without wanting to sound pessimistic, I’d suggest that anyone who isn’t already working on this box is going to struggle to drop it before Saturday.

The foothold is hard work.

Obviously this varies, if you already know the tech stack and how to exploit it, you’ll do it quickly. If you need to research or learn things, however…

After 5 days working on foothold, I think I need help at this point …
Found the b*****.*** and t*****.*** files. But still can’t go further from here.
Any help is appreciated.
Thanks!

@pnrsd said:

After 5 days working on foothold, I think I need help at this point …
Found the b*****.*** and t*****.*** files. But still can’t go further from here.
Any help is appreciated.
Thanks!

I am not 100% sure what those two things relate to. The foothold for this box is very much at the harder end of hard (it would be a hard insane box IMHO). I will try to cover all bases and sorry if I’ve misunderstood where you are at.

I will take a guess and say that you are still enumerating. My main tip would be to check all the output you get from nmap (-A or -sC -sV) and see if you’ve missed anything.

Then, if you have, fuzz it hard. If you find something which tried to hide, dump it to your machine and analyse it. A detailed study of this will allow you to eventually work a way to get a foothold (this bit can be insane, depending on how well you know the technology).