Official Delivery Discussion

this is a walk in a park machine, rooted, feel free to DM me for any hints or nudges :slight_smile:

Oh boy. Root was easier than the user for me on this one. I was making a real stupid mistake getting the foothold. I thought the machine was broken until I really sat down and thought about it. Feel a bit silly I didn’t realise my mistake earlier! Otherwise, it was a fun ride.

hai guys thanks for the hints in this forum as a beginner really helpful

FOOTHOLD: carefully read the given hints & note down the step at the process in hk.
USER SHELL: if u do foothold correctly, then u can get the hints for this step
PRIVSEC: check where u come from & what s
v
e running
ROOT: ippsec.rocks website search + h
h**t help u

after getting rt dont forgot to read the ns.tt ippsec leave a nice message

any help ping me

Feel dumb, just doesn’t recieve the response to move further…

Running colabcat with ‘-w 4’ and it’s taking quite a while; I suppose thats normal because b*****, but how much time should it take approximately?

@blvckmetxl said:

Running colabcat with ‘-w 4’ and it’s taking quite a while; I suppose thats normal because b*****, but how much time should it take approximately?

If you have the correct wordlist, seconds. If you are running it with various rules, then it probably wont work.

I’m stuck guys, the only thing I have done is get the ticket, can anyone help me with this.

@ub007 said:

I’m stuck guys, the only thing I have done is get the ticket, can anyone help me with this.

Have a look at what getting a ticket gives you. Use the new information elsewhere and get access.

Type your comment> @TazWake said:

@ub007 said:

I’m stuck guys, the only thing I have done is get the ticket, can anyone help me with this.

Have a look at what getting a ticket gives you. Use the new information elsewhere and get access.

Do you mean the agent login? I was trying to login with that @delivery.htb email on agent login but I don’t have the password.

@ub007 said:

Do you mean the agent login?

No.

I was trying to login with that @delivery.htb email on agent login but I don’t have the password.

There is a thing you can definitely log into, you don’t need an email for it.

You can use the email to set up something else and read the response in the thing you can definitely log in to.

Type your comment> @TazWake said:

There is a thing you can definitely log into, you don’t need an email for it.

You can use the email to set up something else and read the response in the thing you can definitely log in to.

port 22?
I’m sorry man I’m not able to understand this, it’s kind of my 2nd box.
I need help.

@ub007 said:

port 22?

No, there are more than two ports open.

I’m sorry man I’m not able to understand this, it’s kind of my 2nd box.
I need help.

Easier said than done without spoilers.

So:

  • read through the thread here, this has been raised a few times.
  • create a ticket, look at what information you are provided with and check the status of the ticket. You can now read it and any updates sent to it.
  • the information provided gives you something you can use on the highest port which goes somewhere you can now read

@TazWake said:
@ub007 said:

port 22?

No, there are more than two ports open.

I’m sorry man I’m not able to understand this, it’s kind of my 2nd box.
I need help.

Easier said than done without spoilers.

So:

  • read through the thread here, this has been raised a few times.
  • create a ticket, look at what information you are provided with and check the status of the ticket. You can now read it and any updates sent to it.
  • the information provided gives you something you can use on the highest port which goes somewhere you can now read

Bro Do you know what this error means?
ssh {user}@10.10.10.222
{user}@10.10.10.222:Permission denied (publickey, password).

@ub007 said:

Bro Do you know what this error means?
ssh {user}@10.10.10.222
{user}@10.10.10.222:Permission denied (publickey, password).

Yes, it means {user} cant access the SSH server using the method supplied. It looks a lot like the error you get when SSH access is denied completely.

That’s why I said “no” to port 22 before.

Type your comment> @TazWake said:

@ub007 said:

Bro Do you know what this error means?
ssh {user}@10.10.10.222
{user}@10.10.10.222:Permission denied (publickey, password).

Yes, it means {user} cant access the SSH server using the method supplied. It looks a lot like the error you get when SSH access is denied completely.

That’s why I said “no” to port 22 before.

There are 3 ports open (REMOVED) are these all of them, or my enumeration is incomplete?

@ub007 said:

There are 3 ports open (REMOVED) are these all of them, or my enumeration is incomplete?

That looks correct to me. I’d ignore the first one you listed for this entire box.

EDITED: This was an incorrect statement, sorry. Just ignore it to start off.

Type your comment> @TazWake said:

@ub007 said:

There are 3 ports open (REMOVED) are these all of them, or my enumeration is incomplete?

That looks correct to me. I’d ignore the first one you listed for this entire box.

Bro, I got the email and I logged into the M*****t , I’ve uploaded a payload into the innal, How am I supposed to execute it?

@ub007 said:

Type your comment> @TazWake said:

@ub007 said:

There are 3 ports open (REMOVED) are these all of them, or my enumeration is incomplete?

That looks correct to me. I’d ignore the first one you listed for this entire box.

Bro, I got the email and I logged into the M*****t , I’ve uploaded a payload into the innal, How am I supposed to execute it?

OK - I misread my notes before, sorry.

So if you have access to that service you have some information you can use to try and access the port you tried before but failed. There is a message which tells you what to do.

Alternatively, if you’ve uploaded something, you can try to execute it by calling it at the upload location.

Type your comment> @TazWake said:

@ub007 said:

Type your comment> @TazWake said:

@ub007 said:

There are 3 ports open (REMOVED) are these all of them, or my enumeration is incomplete?

That looks correct to me. I’d ignore the first one you listed for this entire box.

Bro, I got the email and I logged into the M*****t , I’ve uploaded a payload into the innal, How am I supposed to execute it?

OK - I misread my notes before, sorry.

So if you have access to that service you have some information you can use to try and access the port you tried before but failed. There is a message which tells you what to do.

Alternatively, if you’ve uploaded something, you can try to execute it by calling it at the upload location.

Just got the user, going for the root now.
@Tazwake Thanks for the help man

I’m gonna text you again if I need your help in Root.

EDIT: ROOTED. My DM is open if anyone needs help.

Just got root!

Thanks for the tips/advice in here.

DM if you need a hand.