SSH from box to me doesn’t work as well. I suspect either broken or on purpose to prevent usage of nc (and enforce the intended route) in the early stage of foothold.
This may be why your SSH isn’t working from the box to your machine. It may not be. YMMV.
FYI if anyone is stuck on this. Edit /etc/ssh/sshd_config and change “Port” to anything you want. SSH is only blocked on the standard port. I still wouldn’t recommend leaving it enabled though, just start it when you need and stop it afterwards: systemctl start/stop ssh
Have players been hacked?
I don’t know to be honest… I just saw the announcement on Discord, but have to assume so.
Not as far as I am aware. Given the difficulty in compromising SSH directly and the chance of getting a different IP each time you connect, blocking port 22 outbound seems like an odd choice. It may be down to something else (administrative interfaces, how the lab environment is configured, VPN issues etc).
@TazWake said:
Not as far as I am aware. Given the difficulty in compromising SSH directly and the chance of getting a different IP each time you connect, blocking port 22 outbound seems like an odd choice. It may be down to something else (administrative interfaces, how the lab environment is configured, VPN issues etc).
They said it’s because so many people are using the default credentials, which leaves them open to easy access.
@sparkla said:
No, I haven’t “lost peace of mind”. Not sure why you said that. I valued your previous comments but didn’t wanna let things escalate into endless HTB bashing, also I think we can only guess what’s going on behind the scenes, if we don’t get an official answer. Problems here are very real and some are severe. Problems with the boxes are one thing, how we treat each other is another, how we are being treated maybe the most important one. We have to consider if our words do improve the issues or maybe make them worse. But it doesn’t really belong here in a box thread, so let’s cut it.
I actually thought you would like my little bit of sarcasm.
It was not my intention to offend you or anyone else.
locate is (at least in my experience) really hit and miss. It frequently misses files on my local system because I don’t keep the database up to date.
Each user account has set privs, if the account you are in doesn’t have privs to see the file, you might not be able to find it with other tools. Keep in mind what account is being used by which “exploit.”
If you use the second account via the first bit, the output is muddy so it isn’t great for broad searching (targeted enumeration still works).
On this box, there is no need to hunt the flags. They are exactly where they should be.
Just rooted.
There are enough hints here already, but I would like to clarify some stuff.
I was a bit surprised about all those discussions about locate/grep/find. Everything seemed to be straightforward in this machine.
Also connectivity was not really a problem cause no rev or bind shell really needed.
One item required from the box can be very easily copied.
The most enjoyable part was actually the one with m**** hence getting first user. This part is very nicely described in public (google-fu). Similar stuff can be found on one of the machines in the lab where candidates for a very famous certification practice their skills.
The rest was also fine, but I used a small hint regarding which item needs to be copied for privesc (thank you @Noobish!!!). A little bit of r** gave me root on the machine.
Overall quite enjoyable.
Hey guys, need a little help here.
I’ve spent all day and could not progress. I am able to upload files, even managed to get a limited shell from there. I saw the user with shell that usually does not have it.
So I took a step back and managed to interact with the database as r**t. As far as I am aware of, I have f**_priv but I couldn’t do anything with it.
I’m thinking I’m losing myself in rabbit holes. Can anyone give me a hand?
Owned it a few seconds ago.
First of all, let me thank @LMAY75 for his help! (+respect to you pal!)
The machine:
It’s great! I liked almost every step of it.
All the hints are already there, so my suggestion is to open your eyes wide and avoid being lazy like me: double (or triple) check everything you do, otherwise you’ll end up blaming the universe, begging for help just because of a typo…
Stuck on root. Did all kind of enumeration, tried a few exploits without success but got nothing. Anyone could give me a nudge pls? (read all the forum pages more than once but couldn’t realize the path).
Look for something the attackers have changed, possibly with a view to allowing themselves back in at a later date.