Hint for TartarSauce!

This box was saucey! Root was the hardest flag in the labs yet for me, good job creators!

@3mrgnc3 said:
It’s most amusing when they are giving each other ‘retartar’ advice…

But in all seriousness. I’ve been surprised by the amount of salt thrown at @ihack4falafel and myself.

The box is intended to be a TryHarder style lesson in the following…

  1. Do full enum process of everything first.
  2. Don’t dive right into the first thing you see.
  3. Check for false positives and false negatives.
  4. In real world pentesting (the whole point of practicing in htb?) not everything is useful.
  5. Don’t be a ‘retartar’… :astonished:

Why don’t u try to be less insulting, you ‘retartar’? If u get bad feedback about the box, it is probably because it sucks. I like it though.

I’m not aiming to insult anyone in particular.
And, if you feel insulted it may be because the challenge we created made you feel like a ‘retartar’ (idk :kiss:)…
If so, be humble.
None of us are so 1337 we never feel like that.
Maybe that’s one of the things that is important to learn about being a good hacker.
Not just popping 5h377z all the time.

I hope in the end people enjoy it though.

I love you all.
:wink:

FYI… Falafel privesc is killin me atm for some reason… :wink:

I surely am humble. The question is: are you? Judging from your previous comments (“It’s most amusing when they are giving each other ‘retartar’ advice…” + “5. Don’t be a ‘retartar’… :astonished:”), I don’t think you are.
We love you too, peace

BUDYYY!..
come on… that’s just in good spirits…
don’t be such a snowflake :lol:

It’s all good. TartarSauce privesc is killing me atm anyway :wink:

I see…
lol
that makes sense now.
:lol:

@lowpriv said:
This box was saucey! Root was the hardest flag in the labs yet for me, good job creators!

Nice Job!

Glad to please. Well done on getting root. Did you get a shell btw? Because that is the intended way.

any hint on priv esc? thanks

@kluo said:
any hint on priv esc? thanks

pay attention to the ‘differences’

@Sakk said:

@kluo said:
any hint on priv esc? thanks

pay attention to the ‘differences’

This :wink:

Got me on priv esc too. Going to have another crack later. Box is underrated on its difficulty. It’s taught me to be much more thorough in my enum. Good box so far :slight_smile:

@kluo said:
any hint on priv esc? thanks

+1 :slight_smile:

rabbit hole after rabbit hole so far, dis gonna be fun

I think it’s a useful exploit but still a bit confusing :astonished: Monstra cms 3.0.4 - Persitent Cross-Site Scripting - PHP webapps Exploit may I have a little bit nudge for getting shell?

I read a little bit the box is not bad and I have a time working on it a week to be exact, I like the box because it is realistic.

now the escalation of privileges is killing me I want to get the root

any suggestion is welcome

@st4rry said:
I think it’s a useful exploit but still a bit confusing :astonished: Monstra cms 3.0.4 - Persitent Cross-Site Scripting - PHP webapps Exploit may I have a little bit nudge for getting shell?

This is not a spoiler!

@Vburgos said:
I read a little bit the box is not bad and I have a time working on it a week to be exact, I like the box because it is realistic.

now the escalation of privileges is killing me I want to get the root

any suggestion is welcome

enumerate enumerate enumerate

Anyone I can PM about this box? I’m having some issues finding a way to get shell… Login wasn’t too bad, but getting a shell is killing me.