Official Tenet Discussion

Type your comment> @TazWake said:

@Zsherminator said:

(Quote)
Is it added to your hosts file?

Nope, that was the tip I needed. Thanks ! :slight_smile:

Rooted. This box was a lot of fun, learnt a lot from the foothold, user and root was pretty straight forward. To me, the foothold was kinda medium level
PM me if you need help/nudges

Is anyone available to help me with the initial foothold? Please ping me on personal chat.

@Saikorian2k5 said:

Is anyone available to help me with the initial foothold? Please ping me on personal chat.

The HTTP host header is worth manipulating.

Box is pretty straight forward after you find the interesting file to use for the foothold. Not a big fun of such “guesswork”, even though it shouldn’t take too many guesses.

I got root in a…“wasteful” manner on the last step. Other available methods that I tried didn’t cut it. Any hints on alternatives?

Rooted. Nice box.

Foothold: This was the part I struggled the most as you clearlt found THE clue but it’s not clear (at least for me) how to use. Finally try to understand how you may unlock hidden places. After you’ve arrived in the right place don’t be too serious about it and go for the simple path. Some famous guru in the hacking business can teach precious techniques.

User: as other as already said, take the simplest path and go for it, is right under your nose

Root: enumerate and see what can do. The logic is pretty straight forward, but to make in practice can take some frustrating time

Thanks for the box

Absolutely funny and better learnt something new.

Just Finished the Machine. If help needed send a message. :slight_smile:

Well guys… it’s such a machine!

I was stucked on foothold. Do you believe that ? I tried keywords on prefix and suffix of url but I could’nt imagine it was on both :neutral: . Then I saw the vulnerability and tried a couple of days to exploit (going to give up) but I was a dumb :neutral: : didn’t understood I was trying to create a file on server :neutral: . Next step is to pawn user, not imediate but password is around. Therefore, user password is crackable but it is not present on kali’s wordlists.

For root I see clearly what to do. It’s a question of timing and flooding console with bash commands. Nice box !

Hey new hackers! Did you see info card ? :blush: I’m such a dumb! :neutral:

@btnrsec said:
I am stuck on foothold… Is r****.p–s/ and s**.p–**s/ a dead end? I tried to fuzz ‘beyond’ them but no luck. I even tried other things sdrawkcab and nothing yet…

Did you see info card on htb site ?

Hi, I’m stuck on foothold : I found sa***.tenet.htb domain, with his s*****.php file, but I can’t see what can I do with that things , any hints ?

I am having an issue with the s** for root. I have done what i needed to i think and when I attempt it, it wont let me in. I have done it multiple times but wont work. anyone around to help?

the privesc was fun, I struggled with getting a foothold for 2 days and lots of google, user and privesc was easy. I have got to work on footholds… other than just trying harder on more vms, anyone got some reading material on getting initial footholds in general?

Type your comment> @devilray said:

I am having an issue with the s** for root. I have done what i needed to i think and when I attempt it, it wont let me in. I have done it multiple times but wont work. anyone around to help?

what user were you logged into on attacking machine when setting up? also do a proof of concept with a test file just to make sure it will find the thing

Wonderful box,thanks @egotisticalSW . Initial foothold process was a very good learning experience for me. Enjoyed it a lot.
If anyone needs hint can pm me.

Type your comment> @qazwer said:

Type your comment> @devilray said:

I am having an issue with the s** for root. I have done what i needed to i think and when I attempt it, it wont let me in. I have done it multiple times but wont work. anyone around to help?

what user were you logged into on attacking machine when setting up? also do a proof of concept with a test file just to make sure it will find the thing

I was able to get root yesterday. I had to change up my script a bit and run it differently in order for it to take. Thank you though.

If anyone is willing to take a look at my code for foothold please DM, I’m real stuck.

a STUPID machine with STUPID foothold, STUPID user, and a SUPER STUPID root!!!

I managed to get a file as mentioned in the comment, but not sure what to do with it… any pointers?

@rancilio said:

I managed to get a file as mentioned in the comment, but not sure what to do with it… any pointers?

Read the file and see if it hints at a way you can attack the box. There is a phrase in it which should give you a very big clue.