Official Delivery Discussion

Judging by the amount of forum traffic, @ippsec this box has been very popular especially with the newer users amongst us. Thank you.

Other box creators, if you are listening, we need more easy- and medium-rated boxes to help our new players learn their skills. And while I’m at it, we should probably have more Windows boxes to better prepare for the real mostly Wintel world.

Just my opinion. Feel free to PM if you disagree.

Rooted!

Thanks @ippsec for the box and note :slight_smile:

Rooted
Stuck for the foothold , just read what is on front of you .
For the root part, check which service is running and don’t forget what was read previously. DM if you need help

This is my first time on HTB, although this machine seemed very straight forward I kept running into walls where things wouldn’t behave as expected which made me over think it. After walking away for a day I decided to look up some tutorials, all of which did exactly what I did but they got different results which allowed them to move forward. Can I dm someone to talk about this more? I’m a noob and I’m sure I’m just missing something so I have some noob questions that are too specific for a google search unfortunately lol

Type your comment> @thris0 said:

This is my first time on HTB, although this machine seemed very straight forward I kept running into walls where things wouldn’t behave as expected which made me over think it. After walking away for a day I decided to look up some tutorials, all of which did exactly what I did but they got different results which allowed them to move forward. Can I dm someone to talk about this more? I’m a noob and I’m sure I’m just missing something so I have some noob questions that are too specific for a google search unfortunately lol

I’m happy to help

Rooted,

For most of machines that i’ve done this was a very good and easy one. Some others easy are very more difficult than this one.
A big thanks to @ippsec for the work on this one.

For people who need a nudge MP me.

PS : This is a very good one machine for beginners

does anyone have any advice with how to crack the hashes with ht? I have tried a lot of variations and rules, but nothing. also, new to ht “variations”.

@blanks said:
does anyone have any advice with how to crack the hashes with ht? I have tried a lot of variations and rules, but nothing. also, new to ht “variations”.

https://hashcat.net/wiki/doku.php?id=rule_based_attack

You need the hint to make it work. PM if you’re lost.

Maaannn, wtf is wrong with the box, so so so f*cking slow

Fun box. I am really pleased to see easy ones back on HTB!

The process here is very straightforward. Just follow the trail.

Does the email actually send for the verification part? Im confused about this because i have never received one. . i have the exploit but in order to “activate” it i need an account.

@sudozeus said:

Does the email actually send for the verification part? Im confused about this because i have never received one. .

Yes - if we are talking about the same service.

i have the exploit but in order to “activate” it i need an account.

Are you sure you used the correct address?

I have user but had to watch a video tutorial (sorry to say). I’m curious if others can share how they enumerated (private if you would). I used traditional nmap, nikto, dirbuster, and searchsploit for what I was finding and got no where. I did not find this intuitive at all. The most helpful hint of all was the h***s file hint. Again, my first hack, and definitely learned trying too hard is not the way to go.

A fantastic learning experience and great setup!

@redeyehal said:

I have user but had to watch a video tutorial (sorry to say). I’m curious if others can share how they enumerated (private if you would). I used traditional nmap, nikto, dirbuster, and searchsploit for what I was finding and got no where.

If you visit the page, the information is there.

I did not find this intuitive at all. The most helpful hint of all was the h***s file hint. Again, my first hack, and definitely learned trying too hard is not the way to go.

Dont focus too much on tools. Opening a site in a web browser is often very effective.

Rooted. This was a nice fun machine, but it did highlight a serious problem that is very common. @ippsec, great machine, and looking forward to many more.

Anyone needs a nudge, feel free to DM me.

pm me for hints

rooted, if anyone struggling with the cat: just do it like ippsec would do…
pm me for hints

Is p8065 meant to 404?

Type your comment> @netbanger said:

Is meant to 404?

lol, all i had to do was ask the question

@netbanger said:
Is p8065 meant to 404?

nope.