Travel

Need Nudge for the initial foothold.
Found the vuln, but getting blocked. I am in the last step maybe.

Finally rooted and what a ride.

This was by far the most challenging box I have encountered to date and I learnt something at every step of the way after hitting numerous roadblocks that continually reinforce the importance of enumeration and READ EVERYTHING.

Huge thanks to @spoppi, @flipthecoin and @AzAxIaL for the nudges along the way.

Kudos to @xct and @jkr for a challenging box, filled with a LOT of learning opportunities.

DM me here or on Discord explaining the problem and what you have tried in as much detail as possible.

reading everything in bg…!!! can't find the hint!!
can anyone help me!!! how to travel… where to travel from b******g

google helping to show super exploit and wp !!!

It's a shame this box is retiring this weekend - it was definitely one of the harder of the hard boxes but still an enjoyable challenge.

It has only been a couple of weeks since we had the last new hard box as well!

so sad… yesterday only started hunting this box.!!!

Without wanting to sound pessimistic, I’d suggest that anyone who isn’t already working on this box is going to struggle to drop it before Saturday.

The foothold is hard work.

Obviously this varies, if you already know the tech stack and how to exploit it, you’ll do it quickly. If you need to research or learn things, however…

after 5 days working on foothold, I think I need help at this point …
Found the b*****.*** and t*****.*** files. But still can't go further from here.
Any help is appreciated.
Thanks!

@pnrsd said:

after 5 days working on foothold, I think I need help at this point …
Found the b*****.*** and t*****.*** files. But still can't go further from here.
Any help is appreciated.
Thanks!

I am not 100% sure what those two things relate to. The foothold for this box is very much at the harder end of hard (it would be a hard insane box IMHO). I will try to cover all bases and sorry if I’ve misunderstood where you are at.

I will take a guess and say that you are still enumerating. My main tip would be to check all the output you get from nmap (-A or -sC -sV) and see if you’ve missed anything.

Then, if you have, fuzz it hard. If you find something which tried to hide, dump it to your machine and analyse it. A detailed study of this will allow you to eventually work a way to get a foothold (this bit can be insane, depending on how well you know the technology).

Wow, what a ride! I can’t remember when I started it!! But it was a great learning experience.
I guess I’m too late now to post my 2cents about it.
I agree with @TazWake (unless you’re one of the ‘Gods’ that rated the box as easy).

Hi !!! , some help over here … I'm thinking that the vulnerability is around XML-RCENSURED but I tried many lists with WPScan and nothing worked … should I look to another way ? any advisor :slight_smile:

@H4FN said:

Hi !!! , some help over here …

So first a reminder that the box retires on Saturday.

You need to enumerate more. You need to find the non-production thing and enumerate that. Find the thing which is trying to be hidden and dump that. Read it. Find the vulnerabilities in it and work out a way to exploit them. This is really challenging.

That will get you a foothold. From there enumerate, find loot, use loot. Enumerate. Find loot, use loot, privesc.

@TazWake said:

@H4FN said:

Hi !!! , some help over here …

So first a reminder that the box retires on Saturday.

You need to enumerate more. You need to find the non-production thing and

OOOhhh I didn't know that bro … where can I know all the machines that will be retired ?
Currently I have B%/&. and B&(/&-*** enumeration all this and some RSS, I tried XMLRFC and also I found a vulnerability for nginx but not any exploit yet available :S I do not have access to *** I'm trying all that I can see …

@H4FN said:

OOOhhh I didn't know that bro … where can I know all the machines that will be retired ?

In the Machine’s side (left) column in HTB page, you can see ‘unreleased (1)’, click it to reveal what old machine will be replaced by the new machine. This week Travel is retiring and Compromised coming the way in.

@H4FN said:

I do not have access to *** I'm trying all that I can see …

You can try fuzzing with various wordlists.

@gunroot said:

@H4FN said:

OOOhhh I didn't know that bro … where can I know all the machines that will be retired ?

In the Machine’s side (left) column in HTB page, you can see ‘unreleased (1)’, click it to reveal what old machine will be replaced by the new machine. This week Travel is retiring and Compromised coming the way in.

Roger that !!.. I only saw Release Arena ! … thanks bro !

@TazWake said:

@H4FN said:

I do not have access to *** I'm trying all that I can see …

You can try fuzzing with various wordlists.

Any tip with ******** ? or RSS … I will other list to dev its all that I can see till today !!

@H4FN said:

Any tip with ******** ? or RSS … I will other list to dev its all that I can see till today !!

Google for the name and dumper, you can find a tool which will extract it all to your machine. Then you can look at the source code.

@TazWake said:

@H4FN said:

Any tip with ******** ? or RSS … I will other list to dev its all that I can see till today !!

Google for the name and dumper, you can find a tool which will extract it all to your machine. Then you can look at the source code.

I don’t know how far I have advanced, but I will take a look into those files !! :open_mouth: … some zlib too I'm not sure !! but I like it !!

@H4FN said:

I don’t know how far I have advanced, but I will take a look into those files !! :open_mouth: … some zlib too I'm not sure !! but I like it !!

There is a lot to process in the files but they (if you include the files they reference) do actually cover everything needed for the foothold. It’s just really hard to work out - running trial and error bits helps a lot but can take a long time.