Rooted! Took me far too long to find the initial vulnerability as I was looking in the wrong places. The vuln is much more recent and didn’t turn up in initial searches!
For root, enumerate and go back and do something you may have tried at the start. They aren’t the same… from there it’s straight sailing.
Also for the foothold, the way I found it was using a website that scans a certain file that is exclusive to the language involved in the blog. It parses the file and looks for vulns.
I found it like 5 minutes after the box was live. I was sure I was going to get blood, and then I had to go to work, and then I couldn’t get my payload to work properly, and then I drank too much.
I thought this was my one chance for HTB glory, because even easy boxes take me like 5 hours, usually, but alas, it was not in the cards, lololol.
Learned some tricks. I would think this box is not medium, but OK. Thanks for this kind of box.
My hints:
User: try to find the code and google some things. I’m not an expert in this programming language, so it takes me a lot of time. There is a CVE on GitHub and another article on HackerOne. Read them (remember, you don’t need to clone anything).
Root: Basic enumeration will give you some keywords. Keep in mind that home has a clue about escalation.
Hi, can someone give me a hint on the initial foothold part? I am working with the r**** exploit and I found an RCE script on GitHub, but when I tried it, it doesn’t work. I tried to do what the script does manually, but it doesn’t work either. Any hint with the foothold?
Finally rooted this box. The last part with “synchronization” almost killed me. I tried to synchronize over and over again, but still nothing. After all those attempts I went the other way and succeeded in the end.
Completely reinstalled Kali because my VM was filled with so much clutter and filler, going to get back to this machine tomorrow, hopefully I’ll make some progress
Hi, can someone give me a hint on the initial foothold part? I am working with the r**** exploit and I found an RCE script on GitHub, but when I tried it, it doesn’t work. I tried to do what the script does manually, but it doesn’t work either. Any hint with the foothold?
This tricked me for a bit too. First, make sure you have the correct version of Ruby, and then there’s a typo in the readme’s r**** commands on GitHub, so pay close attention.
“The change you wanted was rejected. Maybe you tried to change something you didn’t have access to.” … anyone else getting this when signing up or while logging in?