Official ScriptKiddie Discussion

started to teach my kid HTB - would this be a suitable box for an absolute beginner? We gonna do it together tomorrow.

just realized I missed my only chance for first blood in a year :smiley: :smiley: lol rofl

If someone is able to give me a hint for foothold, I’d appreciate one.

Try harder.

Thought I’d blow past this one but stuck at foothold :confused:

Do we need to go after the upload? I can’t seem to find mine. Tried tinkering with other fields but to no avail.

EDIT: just rooted. this box is really meta. Jesus

any possible hints? 3 hours lead to nothing so far :sweat_smile:

Got user, but am I barking up the wrong tree with s—l----s.s-? I’m pretty confident I have a helpful input line, but I don’t see what triggers s—l----s.s- to execute. My line is just sitting there and the lines don’t seem to be being blanked out. (I can trigger the thing add its own ‘normal’ lines, too, but I can’t seem to trigger s—l----s.s- to read it…)

EDIT: Oops; I realize now that I broke it when I was poking around. In case anyone else makes the same mistake I did, just make sure you don’t accidentally delete/recreate the file that it’s reading. (I didn’t realize it was being triggered by in—n.) Rooted; fun box, thanks!

Must be missing sth… take longer than expected on foothold. Can anyone give me a nudge?

EDIT: rooted. could’ve done faster but anyway. Thanks 0xdf for creating the box.

the server executes commands based off of user input. think of exactly what commands are being run on the server (with arguments), and search for vulns from there

rooted! Good easy box. Thanks 0xdf :slight_smile:

Can someone give me a bump? i think im making foothold harder then it has to be. Did you need to use burp?

Nop burp is not used here

Got user. Any hint for the next step?

Any have a link can be useful or the link can give more information about the attack vector?
Thanks.

A little hint for me for user:

Please make sure that you are using the latest version of Metasploit.

I’m getting an error when I try to set the OS to Linux on the webapp, is everybody having the same issue? Just trying to figure out if I’m on the right track.

rooted, nice box, finally a real “easy” machine

rooted. good box. overlooked privesc for a while but it’s pretty straightforward.

i always get an error in OS linux. annoying.

great box thanks @0xdf
root@scriptkiddie:~# id uid=0(root) gid=0(root) groups=0(root)

Rooted, thanks to the creator of the box.

root@scriptkiddie:~# whoami; id
root
uid=0(root) gid=0(root) groups=0(root)