Official Academy Discussion

is that thing on that port relevant ?

anyone got creds for a**** page?

Found s** file. Will be looking closer on this.

Was able to get admin and hit staging and see some interesting info but cant seem to remotely connect or get a foothold. Is this a rabbit hole? Where to go from here?

Type your comment> @zweeden said:

Was able to get admin and hit staging and see some interesting info but cant seem to remotely connect or get a foothold. Is this a rabbit hole? Where to go from here?

can u nudge me ?

I think the box is acting weird across all servers AU, US, EU …etc
All files are having 777 permissions

found some web pages and a high port, not getting much so far.

Is the admin login a rabbit hole ?

Got a reverse-shell!

@sT0wn said:
Got a reverse-shell!

Any tips?

Just got a foothold. Ran some enumeration scripts but didn’t see much and don’t know where to go from here. Saw a bunch of users and saw a couple of files.
Anyone know where to go from here? Or just discussion in general?
Any nudges appreciated :slight_smile:

@zweeden said:
Just got a foothold. Ran some enumeration scripts but didn’t see much and don’t know where to go from here. Saw a bunch of users and saw a couple of files.
Anyone know where to go from here? Or just discussion in general?
Any nudges appreciated :slight_smile:

Any advice? I feel like I’m spinning my wheels once I got into the a**** page

After enumerating for a while, I found a file with s** creds, but probably not useful for now…
What took my attention is the A** Ke* for L****el tried few things with it but it got me nowhere
is that file a rabbithole?

Just got user and looking for some assistance/help on privesc/rooting - I’ve enumerated and done the usual things and noticed the new group but didnt read anything interesting. I must be missing something.

Nudges would be greatly appreciated.
DM me please or if you need hints to get to user :slight_smile:

@ElleuchX1 said:
After enumerating for a while, I found a file with s** creds, but probably not useful for now…
What took my attention is the A** Ke* for L****el tried few things with it but it got me nowhere
is that file a rabbithole?

I’m stuck here as well :frowning:

Rooted!

Took a while to find the fairly obvious path to root… ??

Tnx @UrbanMystery and @LeBofDuRa

just rooted! feel free to dm or discuss! curious how others went about it!

Just finished, what a box! Here’s a few tips that can help.

Foothold: Check how you can escalate your privileges as a user on the academy, you’ll be led to a nice hidden place. Follow what you find, and you’ll find some interesting secrets. Use the secrets to your advantage to craft a gateway - what you want is closer than you think!

User: The academy has more secrets, just need to find them. You’ll find a few, but this particular secret is distinct from the others - don’t doubt yourself, try it!

Root: You’re considered a particular type of user, rather privileged, you can see what others have done. You might need to audit a thing or two, you’ll find a new secret. Afterwards you’ll discover a new privilege - just feed it what it wants and you’ll get root.

uid=0(root) gid=0(root) groups=0(root)
big thanks to @zweeden :slight_smile:

Can… this be a feature on HtB?

Not the vuln obviously but the “Academy” thing. Was not expecting to see something so put together on a box, fantastic work @egre55 and @mrb3n