Official Feline Discussion

@Chobin73 said:

I kinda feel to have cheated for this, thus i am not really satisfied. I spent an hour and a half thinking if it was right or not to submit the root hash… ?

Possibly overthinking. There are lots of articles which give hints and tips for every box.

As long as you’ve made notes, can recreate it in the future and have learned something, its all good.

Type your comment> @TazWake said:

@Chobin73 said:

I kinda feel to have cheated for this, thus i am not really satisfied. I spent an hour and a half thinking if it was right or not to submit the root hash… ?

Possibly overthinking. There are lots of articles which give hints and tips for every box.

As long as you’ve made notes, can recreate it in the future and have learned something, its all good.

…well, indeed i didn’t said that i did not submitted the root flag! ?

Do I need to get root in the first container before pivoting? I seem to be a bit… limited.

Spoiler Removed

Really fun and interesting box! I have learned some new things! Congrats @MinatoTW and @MrR3boot

if anyone needs a nudge, pm me.

Type your comment> @zilwah said:

howdy everyone, nice box, I am having trouble with the masonry/carpentry tool ?, appreciate a PM.

incorrect version of the tool being used on the target :frowning: thanks @ricepancakes & @Andres7ll

– rooted –

rooted. thanks @MrR3boot & @MinatoTW for a fun box. and also thanks @Andres7ll for the user path nudge.

That must be the first Hard box i do pretty much on my own so quite pleased with it, although i still needed nudge because i missed the actual vulnerability to use for the foothold, which is quite frustrating.

As someone said earlier I wonder how you can endup trying to exploit a CVE so quickly (user blood within an hour), as it’s not particularly ranked high and doesn’t popup flashing in red on scans… can’t say more without spoiling though.

This is a really enjoyable box. It made me learn how to use some tools and techniques I’d not fully understood until being forced to use them for this box. Thanks to @MrR3boot and @MinatoTW for taking the time to create it.

Thanks to @TazWake for facing me in the right direction once again when needed.

wow… wonderful journey with feline comes to end!!
finally cracked root.txt!!!
pm for any hints and tips

thank you everyone!! special thanks to @TazWake @solid5n4k3 @ecodb

As usual, it was an opportunity to learn a bit more about certain technologies. My 2cents:

  • Foothold: the vulnerability should be obvious (although there are some unknowns there in terms of its requirements and the chance of success). The only difficulty is to get the right path. Play around with the requests to get that.
  • Let’s call this one ‘pivot’: another vulnerability in a local service
  • Root: from where you landed, stay home, and look for that thing that shouldn’t be exposed

Rooted the box, It was a fun box revolving around cves. The last bit of root is something I couldn’t understand completely, So if someone who could explain me the last bit PM.
Thanks @11o for all the nudges.

PM if you need help

Rooted! Very nice box! The thing I liked it most was that I got to root with basically only c**l.
One point I would like to hear from others, however, is if the foothold path is really realistic or this box prohibits certain commands from being executed through the payloads explicitly. My tips:

  • Foothold: you can find the path with a little of googling. The real problem is that you need to gather the pieces you need. Remember that is always bad (or good in our case) when servers exposes too much of information.
  • Next stage: enumerate and you may find the path.
  • Root: have you ever watched Free Willy?

Now this is an interesting foothold vuln. Don’t see much of this on htb

I get the file uploaded and execute it, but the shell doesn’t connect back to my machine. If anyone can help could they DM me?

Edit: Finally got it after 2 hrs of spamming the exact same command

Yeah, the foothold requires pretty esoteric syntax of the command. I encountered it by chance on some random github bug report. Would never know otherwise.

Spoiler Removed

Sorry I guess that gave too much away ^^

Can somebody help with the port forwarding though? I swear I’m doing everything right but it isn’t working.

Type your comment> @LMAY75 said:

Can somebody help with the port forwarding though? I swear I’m doing everything right but it isn’t working.

What about chisel and googling ?