Official Bucket Discussion

Rooted nice Box :smile: :wink:

root@bucket:~# id
uid=0(root) gid=0(root) groups=0(root)

PM me if anyone need help

can anyone give me a nudge here? I have the ability to upload, not execute, i get that i have to place a payload somewhere else, but cant figure out where else i have permissions/access to do this. I see people talk about “linking” the two sites up, but dont really understand how to do that with the cli.

Edit: nvm - got user, was on it the entire time

Type your comment> @l0w said:

Rooted.

Fun box even though I faced a bit of problems with the user (which IMO was harder than root, but maybe I was just lucky).

Tips:

  • Foothold: Enumerate and read the docs.
  • User: Did you find anything interesting during enumeration, something you didn’t know what to do with thus far?
  • Root: Good google search and basic code knowledge will help you a lot here, alternatively - RTFM.

Overall - RTFM basically

is the php file a rabbit hole here? Seems that the tables are not appropriately set up for this script to work, also wondering why the local 8*** is even there is there isnt anything here.

Hey Guys,

I have found the 2 URLs but still unsure how to get a foothold any advice? Please and Thank You

Hey Guys I have a foothold still can’t read user flag. Does anyone have any advice for a nudge?

Type your comment> @Raskul82 said:

Hey Guys I have a foothold still can’t read user flag. Does anyone have any advice for a nudge?

if you have a foothold you already have the capability and access needed to get the user flag. what enum have you done? have you played around with the cli tools? did you do the typical dir discovery on the websites?

rooted - thanks @TazWake for that final nudge
foothold - learn the cli, fairly simple actually once you find the correct cli methods
user - your previous enum (done on every initial htb engagement) will find the hints and things you need for this
root - funny script will lead you down a few rabbit holes, if you encounter any new tools, research them thoroughly and you’ll find what you need…once you find it, you’ll solve this VERY quickly, so dont spend too much time down each rabbit hole

Type your comment> @benjamin2000 said:

I was having the exact same problem, I was so confused at the beginning with the redirect to this weird domain… Can anyone explain why the extra / is so important?

Thanks! I’d been struggling with this for hours… :cold_sweat:

rooted!!!

Last login: Mon Jan 18 01:44:33 2021 from 10.10.14.9
root@bucket:~# id
uid=0(root) gid=0(root) groups=0(root)
root@bucket:~# whoami
root
root@bucket:~#

pm me for hints

it’s hard to be root!!

rooted finally
root@bucket:~# cat root.txt
fea43…c0d1

All the info here already but you still need to work a lot to figure out the correct contexts and syntax… it’s taxing…

Foothold: you really need to dig into the business of book sellers… once you learnt your lessons, it’s easy but you need the correct timing (no need scripting though)

User: then you have it / if not, go back to sqrt(1) and enum further

Root: go back to learn again and after a few days you will figure it out because the concept is basic and straightforward (script enum won’t help here much)

i feel like im missing something freaking obvious…
i got some creds but i can’t find a place to use it, i saw you guys comment about putting stuff to the s* but i just can’t find the sub domain or dir manually by guessing
edit: just got user, realize the above reasoning is wrong so i crossed over it :>, @TazWake 's nudge is pure goodness tho, despite me speak all messy lol

auto tools wise both nmap and gobuster are giving me hard times: takes forever and lots of time-outs, is it intended i.e. some firewall on the box or is it my network having issue? uh can somebody please answer this? i’ll check pm as well!
edit: yes it is my network having issue

< 3 thank you

i sense RTFM coming
imma do that

@bitn4b said:

i feel like im missing something freaking obvious…
i got some creds but i can’t find a place to use it,

They might come in use later on.

i saw you guys comment about putting stuff to the s* but i just can’t find the sub domain or dir manually by guessing

I assume you have only used the GUI interface to the D**** **. If so, consider using the command line tool for the service you are attacking.

auto tools wise both nmap and gobuster are giving me hard times: takes forever and lots of time-outs, is it intended i.e. some firewall on the box or is it my network having issue? uh can somebody please answer this? i’ll check pm as well!

I am not aware of any firewall which would time out connections. There are only two ports open as far as I can remember and you only need one to get a foothold. You can use the other after you get user.

I am sure about the root. It’s between the ransomware and alerts. But I have few doubts on how to proceed with that. I appreciate a nudge if this is not the way to root.txt

such cool box, help me realize i have one deadly misunderstanding (can’t say, would spoil)

in hindsight, remember the game is centered around “bucket” will save a lot of rabbit hole (says a person chasing so many rabbits and successfully miss the pe so many times)

will come back to the box to see how things are implemented

hello there, i’m stuck ! i cant get a reverse shell
i made a script to upload the shell then trigger it from b*****.h**/revshell
but i never got the shell

Edit : after reseting the box everything worked fine :smiley:

Thanks for this box. User was not hard, even if it took some time to figure it out. Root was harder. A lot of things learned.

Any hints for get root?

Type your comment> @LMAY75 said:

I’m not very familiar with this service, not sure where to query. Found the h***th page that confirmed the service on the backend but not sure how to proceed.

Edit: Nvm, it appears I DIDNT REALIZE THE IMPORTANCE OF A SLASH. God that is so annoying, since when did slashes at the end of a URL matter?

Thank you I already went by it thinking someone else uploaded it or so whatever.