Official Bucket Discussion

Rooted! Thanks to @xaif7aLe for the nudge :slight_smile:
Interesting machine which requires you to RTFM.
If anyone needs tips/help, PM me!

I am not able to get a foothold on this machine. I'm trying to enumerate things, but no success till now. Would someone be able to point me in the right direction?

@LMAY75 said:

I’m not very familiar with this service, not sure where to query. Found the h***th page that confirmed the service on the backend but not sure how to proceed.

Edit: Nvm, it appears I DIDN’T REALIZE THE IMPORTANCE OF A SLASH. God that is so annoying, since when did slashes at the end of a URL matter?

I was having the exact same problem, I was so confused at the beginning with the redirect to this weird domain… Can anyone explain why the extra / is so important?

Can someone help with a** cli? Got the creds but am having trouble executing commands.

edit: got it

I got creds, can upload stuff to the bucket, but can’t get it to execute. I know I’m close to getting a shell. Can anyone pm me a nudge on how to get my file to execute?

edit: got it with the help of @akhlaqur and @xaif7aLe. Thanks a lot guys.

@benjamin2000 said:

I got creds, can upload stuff to the bucket, but can’t get it to execute. I know I’m close to getting a shell. Can anyone pm me a nudge on how to get my file to execute?

Do you understand the relationship between the system where you uploaded stuff and the machine you want to attack (i.e. bucket.htb)? :wink:

Is anyone able to access the higher port??

Hallelujah, what a ride. Finally got the root flag. I did not get a root shell but could read out the root.txt. If there is a way to get an actual shell, could someone PM me please? It would be interesting to see how to achieve that.

After a full 24 hrs of trials, I finally ROOTED this box. Good one.

Finally rooted the box. I found the root part very tough. Thanks guys for helping with a nudge, especially @xaif7aLe.

Finally rooted. Thanks to @MrR3boot for creating this amazing machine. Definitely on the harder side of medium machines, but well worth the effort.
No additional hints from me but if you need a nudge, feel free to DM me.

Hi, I’m new to this world.
I’m not familiar with a**, any hint for user?

Enjoyable box - learned a few new things as well, which is always good.

@JoakoI98 said:

Hi, I’m new to this world.
I’m not familiar with a**, any hint for user?

The cli helps. If you google the commands it allows, you might come up with a way you can get a foothold. Then you can use the loot you can find from basic enumeration to become the person you want to become.

Got user. I like this box already; I have to read a lot of documentation. On to root!

It took a while to figure out the root part (though I didn’t manage to get a shell, only the flag). Thanks @MrR3boot, it was great to learn new things.

For root, when you start researching, ignore any sources that appear to be medium helpful, they will only lead you astray.

The docs, and Twitter of all things, are much more useful!

Spoiler Removed

Can anyone nudge me on foothold?? I saw a higher port was running some days back but now it’s closed…

@alalno said:

Can anyone nudge me on foothold?? I saw a higher port was running some days back but now it’s closed…

You only need one port for the foothold - XX - and it’s a common one. If you saw a port in the range of XXXX, then chances are you saw someone else attacking the box and setting up their own server for some unknown reason.

Best route to initial foothold - enumerate with the right host name.