Admirer

Finally, rooted. However, getting into the box was difficult to compare to getting root. Thanks to the creator, it’s a realistic machine.

root@admirer:/home/waldo/kukre# whoami
whoami
root

machine rooted finally

Ok, I need some help. If someone would be so kind as to pm me. PHP, SQL, is not my forte. I have an idea for getting this and I would like if someone could help me putting my idea into motion. I have done my research and I have found an avenue of approach. But I am trying to run a local database to utilize an exploit using mysql. I installed gave a password etc. I start the service and try to login and get denied every time. I have been round and round doing this. So I figured I would come here to get some help. If anyone would be so kind.

I’m able to login, but I’m getting access denied to user any query i execute. Stuck on this? Thanks in advance!!

Rooted. Very fun box !
PM for nudges.

Rooted. DM for any help.

Rooted.
This was my first real box on HTB and I enjoyed it, especially the root part.

does anyone have a problem of opening port 3306? i tried various conf files but to no avail. i just cannot allow remote connections to my 3306:(

Type your comment> @minhobrandon said:

does anyone have a problem of opening port 3306? i tried various conf files but to no avail. i just cannot allow remote connections to my 3306:(

Did you check mariadb settings and iptables ?
Maybe go through:

and recheck remote access ? Of course you need to grant access (at mariadb level) for a remote user using GRANT …

Root obtained:

root@admirer:/tmp# hostname
hostname
admirer
root@admirer:/tmp# whoami
whoami
root
root@admirer:/tmp# 

Edit: Worked once I changed which server I’m VPNd into.

Root part was very informative for the future :slight_smile:

Rooted - Message for help with what you have tried so far

ROOTED !
Intial foothold not too easy but a breeze from there,Funbox DM for nudges.

@GibParadox I have to say, for me it has been the best box I ever solve. No guesswork, nice challenges, totally liked.

Type your comment> @Rucker said:

@GibParadox I have to say, for me it has been the best box I ever solve. No guesswork, nice challenges, totally liked.

Awesome! Glad you liked it!

I am at the very last step before getting root, but my attack is falling down somewhere and I don’t know why! I have successfully hijacked s*****.. If I run the commands from b***.** in the interpreter, my code gets executed, but not when I call a****_t****.** Would really appreciate it if someone could PM me…

waldo@admirer:/tmp$ uid=0(root) gid=0(root) groups=0(root)

I really hated the foothold/user but the root path was awesome and made up for the prior annoyance. I have some leftover questions about the a*****r bypass that I can’t find in the exploit docs so if anyone can help DM me please.

Foothold: My problem was none of the relevant words were in my wordlists

User: Very odd for an easy box, requires some effort.

Root: A really cool idea, learned a lot and its valuable for the future.

If you need any help DM me!

I cant get any login page despite enum with dirseach,gobuster,dirbuster at most I got forbidden dirs…I need a pointer any direction please?

@SuperRaptor said:

I cant get any login page despite enum with dirseach,gobuster,dirbuster at most I got forbidden dirs…I need a pointer any direction please?

Why does there need to be a login page?

If you have fuzzed it fully you may have found something you need which tells you how to get access to something which can give you something you need to find out where to go with the next step.

Just finished this box after a couple of days.

Foothold was annoying and I only got it by reading some posts in here (and also used a tool I hadn’t used before which is pretty nice).

User was straightforward with some fiddling around with config stuff. I had never used/seen this method so that’s good.

Root…wandered down a completely wrong path but learned a lot about an exploit that doesn’t work on this box along the way. Finding the right place was just a basic post-exploit step. I read and understood what was going on and kind of what I had to do but messed up a small detail.

So my advice
Foothold: if in doubt, think big.
Root: pass don’t set.
Hope that’s not too spoiler-y.

Enjoyable box, but if this is easy…I have a long way to go. I only did this and Tabby so far, I’d say overall this box was harder but they are hard to compare.