Travel

Hey guys, I am a starter here, and I was stuck in the beginning.I need some help here.
When I trying to go to b***.t*****.h**, it shows SERVER NOT FOUND. Wanna know what should I do first to make sure that I can get into the website?
Should I change my DNS server or something else?

@Fre4k5en said:

Hey guys, I am a starter here, and I was stuck in the beginning.I need some help here.
When I trying to go to b***.t*****.h**, it shows SERVER NOT FOUND. Wanna know what should I do first to make sure that I can get into the website?
Should I change my DNS server or something else?

Well, you probably need to update your /etc/hosts file to reflect the domain name you want to map to the IP address

@Fre4k5en said:

Hey guys, I am a starter here, and I was stuck in the beginning.I need some help here.
When I trying to go to b***.t*****.h**, it shows SERVER NOT FOUND. Wanna know what should I do first to make sure that I can get into the website?
Should I change my DNS server or something else?

Well, you probably need to update your /etc/hosts file to reflect the domain name you want to map to the IP address

@Fre4k5en said:

Hey guys, I am a starter here, and I was stuck in the beginning.I need some help here.
When I trying to go to b***.t*****.h**, it shows SERVER NOT FOUND. Wanna know what should I do first to make sure that I can get into the website?
Should I change my DNS server or something else?

Well, you probably need to update your /etc/hosts file to reflect the domain name you want to map to the IP address

Need Nudge for the initial foothold.
Found the Vuln , But getting Block. I am in the last step maybe.

Finally rooted and what a ride.

This was by far the most challenging box I have encountered to date and I learnt something at every step of the way after hitting numerous roadblocks that continually reinforce the importance of enumeration and READ EVERYTHING.

Huge thanks to @spoppi, @flipthecoin and @AzAxIaL for the nudges along the way.

Kudos to @xct and @jkr for a challenging box, filled with a LOT of learning opportunities.

DM me here or on Discord explaining the problem and what you have tried in as much detail as possible.

reading everything in bg…!!! cant finding the hint!!
can anyone help me!!!how to travel…where to travel from b
******g

google helping to show super exploit and wp !!!

Its a shame this box is retiring this weekend - it was definitely one of the harder of the hard boxes but still an enjoyable challenge.

It has only been a couple of weeks since we had the last new hard box as well!

so sad… yesterday only started hunting this box.!!!

Without wanting to sound pessimistic, I’d suggest that anyone who isn’t already working on this box is going to struggle to drop it before Saturday.

The foothold is hard work.

Obviously this varies, if you already know the tech stack and how to exploit it, you’ll do it quickly. If you need to research or learn things, however…

after 5 days working on foothold, I think I need help at this point …
Found the b*****.*** and t*****.*** files. But still cant go further from here.
Any help is appreciated.
Thanks!

@pnrsd said:

after 5 days working on foothold, I think I need help at this point …
Found the b*****.*** and t*****.*** files. But still cant go further from here.
Any help is appreciated.
Thanks!

I am not 100% sure what those two things relate to. The foothold for this box is very much at the harder end of hard (it would be a hard insane box IMHO). I will try to cover all bases and sorry if I’ve misunderstood where you are at.

I will take a guess and say that you are still enumerating. My main tip would be to check all the output you get from nmap (-A or -sC -sV) and see if you’ve missed anything.

Then, if you have, fuzz it hard. If you find something which tried to hide, dump it to your machine and analyse it. A detailed study of this will allow you to eventually work a way to get a foothold (this bit can be insane, depending on how well you know the technology).

Wow, what a ride! I can’t remember when I started it!! But it was a great learning experience.
I guess I’m too late now to post my 2cents about it.
I agree with @TazWake (unless you’re one of the ‘Gods’ that rated the box as easy).

Hi !!! , some help over here … Im thinking that the vulnerability is around XML-RCENSURED but I tried many list with WPScan and nothing worked … should I look to another way ? any advisor :slight_smile:

@H4FN said:

Hi !!! , some help over here …

So first a reminder that the box retires on Saturday.

You need to enumerate more. You need to find the non-production thing and enumerate that. Find the thing which is trying to be hidden and dump that. Read it. Find the vulnerabilities in its and work out a way to exploit them. This is really challenging.

That will get you a foothold. From there enumerate, find loot, use loot. Enumerate. Find loot, use loot, privesc.

Type your comment> @TazWake said:

@H4FN said:

Hi !!! , some help over here …

So first a reminder that the box retires on Saturday.

You need to enumerate more. You need to find the non-production thing and

OOOhhh I didn´t know that bro … where can I know all the machines that will be retired ?
Currently I have B%/&. and B&(/&-*** enumeration all this and some RSS, I tried XMLRFC and also I found a vulnerability for nginx but not any exploit yet available :S i do not have access to *** I´m trying all that I can see …

Type your comment> @H4FN said:

OOOhhh I didn´t know that bro … where can I know all the machines that will be retired ?

In the Machine’s side (left) column in HTB page, you can see ‘unreleased (1)’, click it to reveal what old machine will be replaced by the new machine. This week Travel is retiring and Compromised coming the way in.

@H4FN said:

i do not have access to *** I´m trying all that I can see …

You can try fuzzing with various wordlists.

Type your comment> @gunroot said:

Type your comment> @H4FN said:

OOOhhh I didn´t know that bro … where can I know all the machines that will be retired ?

In the Machine’s side (left) column in HTB page, you can see ‘unreleased (1)’, click it to reveal what old machine will be replaced by the new machine. This week Travel is retiring and Compromised coming the way in.

Roger that !!.. I only saw Release Arena ! … thanks bro !