Nice to see a little variety in the OS types on htb.
hints:
Foothold: parameter needs some closure to move on
User: do some local authorized browsing
Root: more common tools you might be used to won’t work - find the safer and simpler os specific tools and you’re done
Easy box? ??
stuck on root
Anyone able to assist? I think I have found the parameter I need to change but not sure to what.
@wooly13 said:
Anyone able to assist? I think I have found the parameter I need to change but not sure to what.
PM me.
Didn’t like this machine… User was a little tricky and not an easy one, but root was easy: just stay home, you will find something, simply! PM for a nudge.
Rooted. Wouldn’t mind having a chat with someone who got user without any hint / without reading the forum here.
There’s a specific detail that I really only got by a random guess based on what someone said here. I’d like to know how I should have figured it out the “proper” way so I can learn something.
@Hyp3rDrive said:
Rooted. Wouldn’t mind having a chat with someone who got user without any hint / without reading the forum here.
There’s a specific detail that I really only got by a random guess based on what someone said here. I’d like to know how I should have figured it out the “proper” way so I can learn something.
Others may disagree, but here’s my opinion.
The specific part you are talking about is somewhat artificial. Although in principle the way you “discover”, “guess” or “modify” that type of data is a common style of attack, in this specific case you’ll only see it work that way in a (partly) CTF-style box such as this one.
That being said, the learning experience of figuring it out is a valuable one if your goal is to learn and practice the tools and techniques of web pentesting.
Rooted. Not an easy one.
Struggling with parameter
I can get a shell, but I get disconnected after a few seconds. I tried a few things to work around that but have been unsuccessful so far. If someone has a few tricks to share that’d be cool.
Edit : I was trying to get a shell on port 9001 and kept being disconnected. I changed it to port 1234 and now it works like a charm.
Man. This thing has been rough. I finally managed to get to user, but now I’m struggling to find a way to root. Any tips on how to better enumerate this type of box?
If anyone could drop me a message I am stuck on the foothold, done a lot of enum and tried changing things to get access to things. Will give more info over PM. Would be very much appreciated, thanks!
Rooted! Congrats @polarbearer, I learned a few new things!
Umm, I agree with the other discussion, (for me) it’s a bit hard to be an easy box.
Hello guys, I found r*t.t, but don’t know what to do then. Can someone help me?
Finally rooted. In retrospect, is this box easy? Yes, it is. There’s no crazy concept, no binary exploitation madness or 32-line commands with a million options that you need to put in order so your computer doesn’t crash, but… It’s really different from what’s usual on HTB.
Anyway, thanks @polarbearer !
Oh and big thanks to @cool4coder who assisted me along the way
That box made me say ‘oof’ at the end of it. Keep after it and read the blog posts.
DM for nudges.
I learned a lot on this one. Thanks @polarbearer! A hint for root: pay attention to file types. As always PM me for hints or discussion. Helping others learn helps me learn.
Stuck at the ‘attempt to call a nil value’. A nudge would be greatly appreciated.
Nice box! NetBSD was something new to me, so I had to learn a bunch of new stuff. Which is exactly what I’m looking for. PM if you need a nudge!