Was able to get admin and hit staging and see some interesting info but cant seem to remotely connect or get a foothold. Is this a rabbit hole? Where to go from here?
Was able to get admin and hit staging and see some interesting info but cant seem to remotely connect or get a foothold. Is this a rabbit hole? Where to go from here?
Just got a foothold. Ran some enumeration scripts but didn't see much and don't know where to go from here. Saw a bunch of users and saw a couple of files.
Anyone know where to go from here? Or just discussion in general?
Any nudges appreciated
@zweeden said:
Just got a foothold. Ran some enumeration scripts but didn't see much and don't know where to go from here. Saw a bunch of users and saw a couple of files.
Anyone know where to go from here? Or just discussion in general?
Any nudges appreciated
Any advice? I feel like I'm spinning my wheels once I got into the a**** page
After enumerating for a while, I found a file with s** creds, but probably not useful for now..
What took my attention is the A** Ke* for L****el tried few things with it but it got me nowhere
is that file a rabbithole?
Just got user and looking for some assistance/help on privesc/rooting - I've enumerated and done the usual things and noticed the new group but didnt read anything interesting. I must be missing something.
Nudges would be greatly appreciated.
DM me please or if you need hints to get to user
@ElleuchX1 said:
After enumerating for a while, I found a file with s** creds, but probably not useful for now..
What took my attention is the A** Ke* for L****el tried few things with it but it got me nowhere
is that file a rabbithole?
Just finished, what a box! Here's a few tips that can help.
Foothold: Check how you can escalate your privileges as a user on the academy, you'll be led to a nice hidden place. Follow what you find, and you'll find some interesting secrets. Use the secrets to your advantage to craft a gateway - what you want is closer than you think!
User: The academy has more secrets, just need to find them. You'll find a few, but this particular secret is distinct from the others - don't doubt yourself, try it!
Root: You're considered a particular type of user, rather privileged, you can see what others have done. You might need to audit a thing or two, you'll find a new secret. Afterwards you'll discover a new privilege - just feed it what it wants and you'll get root.
Comments
Wishing all of you best of luck . This will be my very first , first blood attempt.
I'm having issues spawning the box. Anyone is facing the same?
Yup, first blood has already been done and I'm still waiting for the box to spawn as well. Very frustrating...
is that thing on that port relevant ?
anyone got creds for a**** page?
Was able to get admin and hit staging and see some interesting info but cant seem to remotely connect or get a foothold. Is this a rabbit hole? Where to go from here?
Type your comment> @zweeden said:
can u nudge me ?
I think the box is acting weird across all servers AU, US, EU ...etc
All files are having 777 permissions
found some web pages and a high port, not getting much so far.
Is the admin login a rabbit hole ?
Got a reverse-shell!
Any tips?
Just got a foothold. Ran some enumeration scripts but didn't see much and don't know where to go from here. Saw a bunch of users and saw a couple of files.
Anyone know where to go from here? Or just discussion in general?
Any nudges appreciated
Any advice? I feel like I'm spinning my wheels once I got into the a**** page
After enumerating for a while, I found a file with s** creds, but probably not useful for now..
What took my attention is the A** Ke* for L****el tried few things with it but it got me nowhere
is that file a rabbithole?
Just got user and looking for some assistance/help on privesc/rooting - I've enumerated and done the usual things and noticed the new group but didnt read anything interesting. I must be missing something.
Nudges would be greatly appreciated.
DM me please or if you need hints to get to user
I'm stuck here as well
Took a while to find the fairly obvious path to root... 😊🙏
Tnx @UrbanMystery and @LeBofDuRa
just rooted! feel free to dm or discuss! curious how others went about it!
Just finished, what a box! Here's a few tips that can help.
Foothold: Check how you can escalate your privileges as a user on the academy, you'll be led to a nice hidden place. Follow what you find, and you'll find some interesting secrets. Use the secrets to your advantage to craft a gateway - what you want is closer than you think!
User: The academy has more secrets, just need to find them. You'll find a few, but this particular secret is distinct from the others - don't doubt yourself, try it!
Root: You're considered a particular type of user, rather privileged, you can see what others have done. You might need to audit a thing or two, you'll find a new secret. Afterwards you'll discover a new privilege - just feed it what it wants and you'll get root.
uid=0(root) gid=0(root) groups=0(root)
big thanks to @zweeden
Can... this be a feature on HtB?
Not the vuln obviously but the "Academy" thing. Was not expecting to see something so put together on a box, fantastic work @egre55 and @mrb3n
Always happy to help, DM me if you need anything!
Link to Profile
great machine @egre55 and @mrb3n , maybe a "medium" rating would be more appropriate ;o)
Awesome ASCII art !
I got the user flag, but how do I escalate to root I am confused......plz help..
any hints for as user to escalate admin priv
Rooted
I got a directory on the web server named Mo*****_f**** does this one help or I am in a rabbit hole
Type your comment> @St4yc4lm said:
I guess it's a rabbit hole, since you should find a more interesting page once you are more privileged than the mass...
rooted nice box
OSCP | I'm not a rapper