Official Compromised Discussion

no clue if its intended or not… in (what i thought is the correct path) you can render the webapp completely useless by providing a vq*** file, and i cant reset it anymore :expressionless: rip

Very confused, seems like this could be really straight forward, but it isn’t quite working yet hm.

I got webshell but I can’t get reverse shell :(, any hint?

Rooted, interesting path for root.

wow nice box, going down a certain CVE path that has to do with vq**** stuff - not sure it’s right path - both first bloods by one of the best in htb - wasn’t really expecting to emulate that, especially after starting over 1.5 hours late…but, very engaging so far… :wink:

^ im battling with the exploit myself, everything seems to be right for me but then it just doesn’t work.

Im at a bit of a loss, i found the exploit, but no matter what my shell will not work. Any tips?

found a CVE , but fail to add , is it wrong way ?

Still stuck on the foothold. Found a CVE but it needs creds I can’t find to save my life. Any nudges ?

Type your comment> @CyberVaca said:

I got webshell but I can’t get reverse shell :(, any hint?

This box does not allow network connection…
ssh is here the “key” "gen"erally :wink:

thank you @D4nch3n - nice box!

Type your comment> @Raekh said:

Still stuck on the foothold. Found a CVE but it needs creds I can’t find to save my life. Any nudges ?

me,too

Spoiler Removed

@FTNTT said:

@Raekh said:
Still stuck on the foothold. Found a CVE but it needs creds I can’t find to save my life. Any nudges ?

me,too

Enum, enum is all i can say.

@Caracal For low level people “enum enum enum” doesn’t help. If it’s something we missed, okay. But I’ve been sitting in the l*g folder for a while, and I simply don’t have knowledge to distinguish what I can use or not. I’ve tried getting the authors to hydra, hijacking the cookies, but nothing.

Type your comment> @Raekh said:

@Caracal For low level people “enum enum enum” doesn’t help. If it’s something we missed, okay. But I’ve been sitting in the l*g folder for a while, and I simply don’t have knowledge to distinguish what I can use or not. I’ve tried getting the authors to hydra, hijacking the cookies, but nothing.

yeah true. so, youre on the right path.
check again what you got, maybe something that does not get rendered in source code files :slight_smile:

@Raekh i am in your situation :wink: bashing my head against what i have

@Raekh said:

@Caracal For low level people “enum enum enum” doesn’t help. If it’s something we missed, okay. But I’ve been sitting in the l*g folder for a while, and I simply don’t have knowledge to distinguish what I can use or not. I’ve tried getting the authors to hydra, hijacking the cookies, but nothing.

It’s not about low level people. If you found the file, i say “enum,enum,enum” because it should be clear what you have to do and how to do it.
It’s not even about level, but more about clearness, you have a CVE, you need password, and if you have that file, it’s just about enum, and it’s clearly impossible to give a clue, without spoiling that part.
You don’t need to hijack anything, you don’t need to bruteforce creds.

For foothold:

  • If you don’t have it, common list will help you to get to it.
  • If you have it, just search what you need in it.

I just found admin creds after bashing my head against the wall for a while.

Tip: When people say look for logs, don’t get tunnel vision like i did. Instead, once you find something remotely interesting, then follow it all the way even if it means navigating to other directories. You won’t find the creds in the backup folder only a way to find them.

(Please remove if i gave away too much)

I just can’t find the creds, I’ve been searching for hours!!!

the creds are not in the tar file… but if you read the contents of that archive carefully… then you will find a path where to look for creds

PS: assume that is not a spoiler, either you have found the tar file or you have not