Port 80 is open on the machine. When I navigate to http://BOX-IP it redirects to “http://academy.htb/” but I am unable to reach that domain. I do not get any server response. Am I on the wrong track here?
Port 80 is open on the machine. When I navigate to http://BOX-IP it redirects to “http://academy.htb/” but I am unable to reach that domain. I do not get any server response. Am I on the wrong track here?
Just got user. Wasted around two hours digging through the wrong place. If you feel you’re looking at the right stuff, but have information that doesn’t work, maybe try looking around for something similar to what you have somewhere nearby.
Beating my head against the wall on foothold. Found a couple possibly relevant exploits to get RCE, but nothing I’ve tried is working. Would someone be able to send a nudge as to what I’m missing on the exploit?
Well, I’m back on HTB after a year and a half break and I am apparently really out of practice. I’ve gotten the Ll debug page and have found a corresponding exploit via searcht, but the exploit isn’t working and I can’t figure out why. Any nudges?
Well, I’m back on HTB after a year and a half break and I am apparently really out of practice. I’ve gotten the Ll debug page and have found a corresponding exploit via searcht, but the exploit isn’t working and I can’t figure out why. Any nudges?
Nevermind! I got it! Foothold was probably the most awkward due to the paramter that’s easy to miss and/or misunderstand. Awesome box! Path to root was pretty great.
Academy is one of the most funniest box i ever did. So congrats to its creator.
I have one question about the root path : is it possible to exploit the B**** S****** ? i try but it seems not vulnerable even if the version of the command seems. Maybe i did something wrong or the exploit i used was not the best.
That was a battle of will. Pretty easy box till you try to get user2. Missed what I should have found, but found it in the end. User2!, pay attention to groups and search google where things might get logged, then X*D will be your friend. Thanks egre55 and mrb3n, learned one valuable thing. Cheers
Hi,
In Section: “Interrogating Network Traffic With Capture and Display Filters”.
Module: INTRO TO NETWORK TRAFFIC ANALYSIS
There is a question about which ports the host and server are using.
“What are the client and server port numbers used in first full TCP three-way handshake? (low number first then high number)”
I have found the answer but I do not agree with it. What I can see in the answer it is not a Full TCP-handshake. It is SYN,SYN-ACK, RST. I was expecting a ACK in the end? Have I misunderstood it?
Isnt a FULL 3-way-TCP-handshake: SYN,SYN-ACK,ACK?
Lets say correct port is Y
“My” port is X.
The first occurance (what I can find) of port X is
[S]
[SYN.]
[.]