Keep in mind there are always multiple ways to do things, but if you get brick-walled on one particular vector, take a note on it and move onto something else.
I think this is the most useful advice (for me) I ever read here on htb.
Struggling to make progress. Ive tried sql injection on the webpages but made no progress. Ive run nikto and ffuf looking for subdomains. Im going to try the non webport next
Foothold: I looked over something very simple whislt trying to break into the machine, posting stuff around without checking is never the right way of doing things…
User: Not too difficult here, enumerate and use your google fu to get you by. GREP helped me a lot here.
Root: Possibly the easiest part of the machine if you picked up on something interesting while enumerating.
Just rooted.
I have very little xp, but this is one of the most enjoyable machine so far.
Thanks @mrb3n and @egre55!
I can understand why people more experienced than me rated this easy.
For me was just in reach, after i stretched all myself
That was so much fun.
Just out of curiosity, can someone explain me what I saw during lateral movement?
That thing catches your eyes but I don’t understand it.
Was going back to the thing found during “lateral movement” and the thing is not there anymore. Can someone who already went over that point check it up, please? I dont know if something was messed up before of after i got that thing
@oceans11 said:
Was going back to the thing found during “lateral movement” and the thing is not there anymore. Can someone who already went over that point check it up, please? I dont know if something was messed up before of after i got that thing
Whatever “thing” you mean (probably a script) was likely put there from a fellow user. People sometimes don’t use the /tmp directory so you’ll find various recon/enumeration scripts, executables, etc. lying around sometimes, particularly in home directories.