@TazWake Edit: Posts were timed badly. Now you answered my questions, thanks.
Awesome - I think I understand at last!
Hopefully, we are communicating on the same frequency now
It is a crying shame that so many people think it is funny/clever to break the boxes for other people. I wish more Linux boxes set the immutable flag on the flags.
Got user, wasn’t so much hard as it was I had never used this method before and couldn’t find anything online about it. Thanks to @TazWake for walking me through the second half with the S** service trickery.
Onto root, from what I see on this thread this will certainly go over my head. I have 0 knowledge of reversing… should be interesting.
Been increasing the difficulty over the past 2 weeks, Unbalanced was a cakewalk but this is definitely my max.
Edit: Starting the 6 hr Ghidra crash course lol, wish me luck
Good suggestion from @sparkla - people often overlook how effective Base64 can be in transferring files between systems.
However if ssh from you to the box works, so should scp as it is basically the same protocol. If ssh works but scp fails, there is a good chance something on the box is broken.
SSH from box to me doesn’t work as well. I suspect either broken or on purpose to prevent usage of nc (and enforce the intended route) in the early stage of foothold.
Rumour has it (and I certainly haven’t even tried to confirm this yet) but SSH from HTB boxes to user machines is prevented.
You should be able to use SSH/SCP from your machine to this box though.
Couldn’t spot the privesc, nudge welcome.
It's difficult to avoid spoilers. I’d start with thinking about this as a compromised device, and looking for things the attacker might have done to allow themselves back in.
SSH from box to me doesn’t work as well. I suspect either broken or on purpose to prevent usage of nc (and enforce the intended route) in the early stage of foothold.
This may be why your SSH isn’t working from the box to your machine. It may not be. YMMV.
FYI if anyone is stuck on this. Edit /etc/ssh/sshd_config and change “Port” to anything you want. SSH is only blocked on the standard port. I still wouldn’t recommend leaving it enabled though, just start it when you need and stop it afterwards: systemctl start/stop ssh
Have players been hacked?
I don’t know to be honest… I just saw the announcement on Discord, but have to assume so.
Not as far as I am aware. Given the difficulty in compromising SSH directly and the chance of getting a different IP each time you connect, blocking port 22 outbound seems like an odd choice. It may be down to something else (administrative interfaces, how the lab environment is configured, VPN issues etc).
@TazWake said:
Not as far as I am aware. Given the difficulty in compromising SSH directly and the chance of getting a different IP each time you connect, blocking port 22 outbound seems like an odd choice. It may be down to something else (administrative interfaces, how the lab environment is configured, VPN issues etc).
They said it’s because so many people are using the default credentials, which leaves them open to easy access.