@trcm said:
I hate having to load up BURP every time I want to encode a string...
I found curl -G --data-urlencode "param=value" url
helpful!
@trcm said:
I hate having to load up BURP every time I want to encode a string...
I found curl -G --data-urlencode "param=value" url
helpful!
@bw00lley thanks, I also discovered a similar (but longer!) curl method :
$ curl -Gso /dev/null -w %{url_effective} --data-urlencode @- "" | sed -E 's/..(.*).../\1/'
But the shortest I found was simply :
$ jq -sRr @uri
Fairly enjoyable box - I can see why it was rated easy but there were some gotchas for people.
Pretty much all the good tips are already in the thread. All I can suggest is understand the OS a bit as that really helps. Two steps are very specific to that environment.
Pff. Somebody copied root flag to /home/root.txt with 777 perms :lol:
Can't rm it, still doing user - restarted the machine.
Please be mindful guys.
uid=0(root) gid=0(wheel) groups=0(wheel),2(kmem),3(sys),4(tty),5(operator),20(staff),31(guest),34(nvmm)
Restarted again to clean it up.
DM if you need a nudge.
Jeez, I needed handholding through getting user. Foothold and root were OK but I could not work out how you would know how to get user. I guess you just need to try that every time!
@bw00lley said:
Jeez, I needed handholding through getting user. Foothold and root were OK but I could not work out how you would know how to get user. I guess you just need to try that every time!
haha can you hold my hand to pay it forward? lol to me the next logical step is to exploit a similar looking service but running with user perms... but it doesn't seem vulnerable (i feel like i have new creds but am unable to find where and how to use them!)
@unkn0wnsyst3m said:
haha can you hold my hand to pay it forward?
Have sent you a PM.
so I'm stuck as the _h**** user and can't get user. Any hints please DM. I can explain what I've discovered so far.
@s3gf4ult said:
so I'm stuck as the _h**** user and can't get user. Any hints please DM. I can explain what I've discovered so far.
This is possibly one of the more challenging steps.
The place you've landed has what you need to access a resource you couldn't previously access.
Now you are inside the wire, you can access it differently and through some command line requests, you can get it to give you what you need to get a real shell.
Why are you all write these useless "Rooted", "Finally rooted", etc.? Do you really think anyone cares about it? Please, stop kissing yourself and start be more informative. Give some hints regarding machines. That would be really helpful, instead of your narcissism.
alright so silly me looking through the man pages
https://man.netbsd.org/NetBSD-9.0/****
Thanks @r0m4r10 @bw00lley for the support here, definitely was on the right track but routinely missed the critical nugget to show me the answer in my online research
foothold: already discussed in depth, burp can also help here (there is a plugin that will help)
user: man oh man, what a journey huh?? oddly enough, the "dev" version has your foothold patched, but there is another way in... understand what the service is running, how, and why (this was the challenge for me, i misread the manual, no not that manual, the other manual!..)
root: this phase is very specific to the OS, enum will find the artifacts you need, but you're not done yet... what you have and what you think it can be used for is correct, but you can't get there through the normal way, you need to find a different command. - for me the man pages screwed me over, but while searching you will find the hints you need in your research results.
@b1narygl1tch said:
Why are you all write these useless "Rooted", "Finally rooted", etc.? Do you really think anyone cares about it? Please, stop kissing yourself and start be more informative. Give some hints regarding machines. That would be really helpful, instead of your narcissism.
So, generally, they are people, at the very least identifying that they can help others if needed - but most of the time all the hints are already in the thread. For lots of people it is also a nice way to share their excitement and feeling of success.
Complaining about other people's posts is rarely useful and insulting everyone else feels like an odd way to encourage more helpful posts.
The narcissistic posts are the ones which say "this box was so easy" or "I did it in three seconds" or "rooted this shitty box"/"rooted this useless box." That is people trying to show how superior they are to the box, people who say "It took me months but I finally rooted this box" are most certainly not boasting.
@TazWake said:
@b1narygl1tch said:
Why are you all write these useless "Rooted", "Finally rooted", etc.? Do you really think anyone cares about it? Please, stop kissing yourself and start be more informative. Give some hints regarding machines. That would be really helpful, instead of your narcissism.
So, generally, they are people, at the very least identifying that they can help others if needed - but most of the time all the hints are already in the thread. For lots of people it is also a nice way to share their excitement and feeling of success.
Complaining about other people's posts is rarely useful and insulting everyone else feels like an odd way to encourage more helpful posts.
The narcissistic posts are the ones which say "this box was so easy" or "I did it in three seconds" or "rooted this shitty box"/"rooted this useless box." That is people trying to show how superior they are to the box, people who say "It took me months but I finally rooted this box" are most certainly not boasting.
Not boasting, just flooding with useless messages. And yes, there are really useless boxes/tasks that don't require anything except bruteforcing, for example. I'll just describe what is a good post from my point of perspective: "Rooted! Feel free to contact me. Here are some hints: user... root..." That's the useful post.
@b1narygl1tch said:
Not boasting, just flooding with useless messages. And yes, there are really useless boxes/tasks that don't require anything except bruteforcing, for example. I'll just describe what is a good post from my point of perspective: "Rooted! Feel free to contact me. Here are some hints: user... root..." That's the useful post.
Awesome - I look forward to seeing you lead by example on that. Until then, you can continue to make the posts you think should go into a thread and so can other people.
@TazWake said:
@b1narygl1tch said:
Not boasting, just flooding with useless messages. And yes, there are really useless boxes/tasks that don't require anything except bruteforcing, for example. I'll just describe what is a good post from my point of perspective: "Rooted! Feel free to contact me. Here are some hints: user... root..." That's the useful post.
Awesome - I look forward to seeing you lead by example on that. Until then, you can continue to make the posts you think should go into a thread and so can other people.
You can check my previous posts at least. I always tried to be informative.
@TazWake @b1narygl1tch i find that even the "useless messages" are still somewhat helpful. When i am struggling, I certainly take some solace in seeing that the people that solved these challenges quickly were very experienced so it makes sense why i am having a hard time. I've learned that experience really does take you a long way in this field, and htb works to help educate and fill the gap, so all comments are helpful to me (even if just a little). But to @TazWake's point, i certainly have reached out to some of those people that just said "rooted" and they've been very helpful with minor nudges or just confirmed that i was on the right path.
Hi,
This is my first box. I am starting to think that maybe I made the wrong choice. I found things, of course. Some places to visit and I found out how to say moon in portuguese. I wonder if this is the way to find my initial foothold via l** lang****. I've run out of ideas but before continuing I want to know if it is a hole rabbit or not. Thanks for your help.
@j4M35B4r0N said:
Hi,
This is my first box. I am starting to think that maybe I made the wrong choice. I found things, of course. Some places to visit and I found out how to say moon in portuguese. I wonder if this is the way to find my initial foothold via l** lang****. I've run out of ideas but before continuing I want to know if it is a hole rabbit or not. Thanks for your help.
I got initial foothold via that technology.