Official Spectra Discussion

Type your comment> @sonym said:

Did anyone have a problem with “i****tl: Unknown j**:…” on privesc?

You don’t need to give the full name of that thing. Only the first part is needed

Finally rooted.
I was blind to see the foothold part. It was right in front of me but it took me some time to see it.
User part was enum (like going through everything)
and root part was nice.

This was a fun box. I spent WAY too long on user.

Getting user isn’t hard if you look at the right file…but if you don’t good luck. (thank you to person who helped get me back on track.)

Root was a heck of a lot easier imo.

DM me if your stuck :smile:

i’m lost…

web stuff isn’t my strong point though… but everyone is saying this one is super easy. i cant figure it out. I’m looking at all the files, not really sure which one is supposed to stick out, because right now, none of them are sticking out lol

tried to brute web login for administrator, didn’t get any hits.

Looked at the source of available pages, per someone’s reply on here, but i dont see anything out of the ordinary there either… wouldn’t mind a hint to figure out where i’m supposed to be looking…

My DM’s are open if you want to reach out to me directly and not risk spoiling anything for anyone else

Type your comment> @Galapag0s said:

This was a fun box. I spent WAY too long on user.

Getting user isn’t hard if you look at the right file…but if you don’t good luck. (thank you to person who helped get me back on track.)

Root was a heck of a lot easier imo.

DM me if your stuck :smile:

can you help me a bit (guide to the right path) about user? Found a cred but already tried to connect to all users using that cred and didn’t work… I’ve been rummaging all directories but couldn’t find anything or missed

Edit : got user. I really overlooked this part…

Need a nudge for user.
Have run both linpeas and linenum but never noticed anything. have manually trawled through directories but not seeing anything.

This had to have been one of my favourite rooms recently. Thanks for the awesome room. The foothold was interesting and the root tested a few skills I hadn’t got used to.

Anyone can point me to the right direction?
Got my foot in, trying to pivot to the user but can’t find what everyone else found.

Type your comment> @umar0x01 said:

Type your comment> @AbuQasem said:

i spent hours trying to get a revshell and still cant get a connection back!
tried php,msfconsole,bash and even made my own pl**n but cant get a shell !!!

Make sure you’ve the URI in msfconsole set to right path!

Same here. Tried three different ways, they all fail. The box is sluggish when attemping two of the ways. I switched VPNs thinking that would help. Nope. Pretty strange, since the msf is straightforward and no tricks.

Type your comment> @phr0zengh0st said:

Type your comment> @umar0x01 said:

Type your comment> @AbuQasem said:

i spent hours trying to get a revshell and still cant get a connection back!
tried php,msfconsole,bash and even made my own pl**n but cant get a shell !!!

Make sure you’ve the URI in msfconsole set to right path!

Same here. Tried three different ways, they all fail. The box is sluggish when attemping two of the ways. I switched VPNs thinking that would help. Nope. Pretty strange, since the msf is straightforward and no tricks.

Look on Github, there are a few tools that will make the p****n for you, spawn a MS handler and once you upload the thing it made for you, you can a connection back. I couldn’t get any of my regular methods to work either so I found a tool and it worked.

Can somebody help with the first foothold? I don’ know what i searching for

Is the box glitched for anyone else? I have root but I can’t see anything in the root directory even after a reset.

Type your comment> @baegmon said:

Is the box glitched for anyone else? I have root but I can’t see anything in the root directory even after a reset.

Thats probably because you are in the docker as root and not the host… try running “hostname” to confirm…

Type your comment> @k01n said:

Can somebody help with the first foothold? I don’ know what i searching for

Enumeration is the key… try looking around the broken environment… you should be able to stumble on a juicy file that will immediately attract ur attention :wink:

I really enjoyed this box.

Big thanks to Galapag0s for the nudges!

Phew, spent way too many hours on foothold. Rest of the box is pretty straightforward from there. Overall this machine was a good lesson in taking a look at what you have before resorting to tools.

Thanks to Galapag0s as well for a nudge!

hi im new here if can someon show me how to start with hacking

Type your comment> @GHOSTanonymus said:

hi im new here if can someon show me how to start with hacking

Welcome to HTB. I great place to start is with the retired machines. Ippsec (find him on youtube) has some amazing walk throughs of the retired machines. Thats how I got started.

@Thanks bro but i dont have premiume so i cant do retired machines

The last two are available and there are still starting point & academy labs you can do without it costing money.

Its also worth watching the Ippsec videos even if you cant follow along.

However, this isn’t really related to the box so please start a new thread if you want to discuss this.