Official Academy Discussion

Nice box! Don’t forget to update your enum scripts.

I am having issues with http://academy.htb/ . It keeps saying server IP can not be found. Is anyone else facing this issue?

Type your comment> @zedgell said:

I am having issues with http://academy.htb/ . It keeps saying server IP can not be found. Is anyone else facing this issue?

Try putting ‘academy.htb’ and the ip in your hosts file

@panicfox said:
Would someone be able to nudge me? I know where i need to change a value to escalate my privilege on the website but I have no idea how to go about finding the correct value to use, nor how to properly enumerate. I tried burp intruder but only received a bunch of errors.

I’m also curious as to whether the site should look broken? None of the links I click work correctly, not even logout. I have no idea if it’s intentional or not.

You don’t need the links, just pay attention to the registration and auth mechanisms. Open the hood and go through the whole process, when you find it it should be obvious what number to use.

Type your comment> @sx02089 said:

Nice box! Don’t forget to update your enum scripts.

You know, I think about that a lot, and then I don’t end up doing it until I reinstall the OS or VM. It would definitely be a good practice to update more often, haha.

Rooted, PM for hints, although this thread has a bunch of them already :slight_smile:

Someone give me a nudge please.
I changed a param by burp, and it took me into a special page, throught that page I saw souce code error messsages and some important information, but I don’t know what should I do next. Thx.

Can someone help me with the inital foothold? I got into the “secret” page and saw some interesting info, researched some things and tried some exploits with no luck.

Could someone pm me pls?

@hashtagdeg said:
Someone give me a nudge please.
I changed a param by burp, and it took me into a special page, throught that page I saw souce code error messsages and some important information, but I don’t know what should I do next. Thx.

Try to find out more about what you see :wink:

@LiamKRP said:

Can someone help me with the inital foothold? I got into the “secret” page and saw some interesting info, researched some things and tried some exploits with no luck.

Could someone pm me pls?

You’re on the right track.
You either need to dig further, or check the exploits’ params :wink:

Nice box! Very funny especially the part of the second user! Congrats @egre55 and @mrb3n !

Pm if anyone need a nudge.

Type your comment> @panicfox said:

Would someone be able to nudge me? I know where i need to change a value to escalate my privilege on the website but I have no idea how to go about finding the correct value to use, nor how to properly enumerate. I tried burp intruder but only received a bunch of errors.

I’m also curious as to whether the site should look broken? None of the links I click work correctly, not even logout. I have no idea if it’s intentional or not.

If u have already escalated ur privilege on the website then maybe u should try to search for some other portal for logging in as a privileged user

i get root but flag is error

Rooted. For some reason, I did not notice the first step for foothold for quite an embarrassing amount of time. Sometimes it helps to go very slow at the start of your investigation and examine everything carefully. It’s so dead obvious, you cannot miss it… I guess I was expecting something to be found at a later step. It really is easier than anything I have seen before on here so I guess I didn’t expect it to be there. A good lesson in being thorough I guess.
The rest of the box flowed fairly quickly and did not require any brute force or scanning. Everything can be done with off the shelf tools and this box really did feel easy for once. Nice box to get me back in the mode after a couple month break, I enjoyed it!

Spoiler Removed

Wow web apps are really not my thing. Using the bodily function program on the second login page but whichever of the 3 parameters I change do nothing, am I being stupid?

Could anyone please PM me hint for user?

I’m going crazy looking for a needle in the haystack on the root path. Can any one give me a hint on PM?
Thanks for advance!

PD: Rooted. thanks everyone who help me ! :slight_smile:

Rooted, simple and straight forward. Has anyone done it without ms** ? I interested to discuss. I had troubles with some libraries.

Rooted, feel free to PM for a hint but be prepared to tell me what you’ve tried

Got 2-nd user. It has a privilege to read smth special, but needs lots of greps. People write above that it can be done without greps and lesses. I suppose it is a useful util or command to be aware off. So If anybody aware of it, dm me pls!