Official Love Discussion

Official discussion thread for Love. Please do not post any spoilers or big hints.

So excited!!! … Made it to top 25 … Thanks @pwnmeow

User

Attack vector is right in front of you… Basic reconnaissance is all you need… Keep in mind, not always do the paths need to be the same… Just go with your instinct and correct the path.

Root

Don’t we all LOVE misconfigurations #convenienceoversecurity… Finding it is easy especially if you LOVE vegetables…hahaha

Feel free to DM in case you need a nudge :wink:

In case you are still stuck after trying everything, u might wanna watch this :smiley:

Hey, thanks for that. The foothold tripped me up a bit but after I thought about what I knew and what you said it clicked.

Interesting little method you don’t see often like that.

:slight_smile: rock on

@sicario1337

Rooted, was a fun box. Was challenging but not frustrating. Agree with enumeration for user, pay close attention to services and what information is on them.

DM for nudges if needed, good luck and have fun :slight_smile:

Spoiler Removed

really easy!

my advice

When a lot of attack vectors in fort of you, try simpler things first.

I can read files, but dont know how to use this. Help, guys

Just rooted/system’d this box, however got stuck for a long time on root – I was actually entering the right commands, it was (I think) because of my shell. For people that have rooted this box - do you know why I was getting errors with mc.exe when running from my e*rm shell? Thankyou!!

Rooted. IMO not the easiest box based on the amount of attack surfaces. Root was a lot easier than user.

How does someone get user in 8 mins? It probably took me longer than that to find a working rev shell :smiley:

@coopertim13 - I ran into the exact same thing you did. I also don’t know why it didn’t work.

I’ve rooted the box but i’m quite frustrated that i couldn’t exploit one of the foothold attack vector. This is probably a more advanced S**i scenario, if anyone has managed to work with that i’d be curious to find out how you exploited it…

Type your comment> @Exci said:

Rooted. IMO not the easiest box based on the amount of attack surfaces. Root was a lot easier than user.

How does someone get user in 8 mins? It probably took me longer than that to find a working rev shell :smiley:

By organizing notes and tools.

Rooted!

User

  • Don’t waste time and threads!
  • Focus on the results came from tools :wink:

Root

  • A tool can #suggest it for you :wink:

Rooted. But I’m not sure this is the right way.

  • I tried to use the exploit several times without success for the final part. For most people this still works, not sure if it’s been patched.

  • This box is very frustrating especially the root part, but I learned new things. If you need help, always available to answer your questions. :wink:

Fun little ‘easy’ box for people new to HTB to learn from. I don’t know if I just spend too much time doing web challenges but I didn’t have much trouble with foothold.

My Windows local enum is so weak, so it took a while before deciding to switch to a popular script to speed up the search and as soon as I saw and recognised the Windows 101 escalation vector, I kicked myself and got SYSTEM right away :slight_smile:

I need to do more Windows boxes!!

Type your comment> @whitewhale said:

Fun little ‘easy’ box for people new to HTB to learn from. I don’t know if I just spend too much time doing web challenges but I didn’t have much trouble with foothold.

My Windows local enum is so weak, so it took a while before deciding to switch to a popular script to speed up the search and as soon as I saw and recognised the Windows 101 escalation vector, I kicked myself and got SYSTEM right away :slight_smile:

I need to do more Windows boxes!!

Did you look at the Ap******r rules?

It must be easy to me but I couldn’t find the way. Can someone give an advice with spolier on DM

Anyone willing to ping me with a nudge on footholds? I’m still learning (only been doing literally any hacking for about a month, if that). I’ve done all of the enumeration i can think of and dig into pretty much all of the subdirectories. i even did some sql enumeration for way too long. I definitely feel like I’m over thinking this and a nudge would be very helpful.

For user :
Think basic and look at your nmap.
Try to analyze the service’s functionality and understand what could be done along with what’s exposed and whats not.

For root:
Easy privesc … use your scripts well and not much enum needed…

Have Fun!

Nice easy box,I like the foothold I didn’t think about it in first place and forgot about some other services running so had some time banging my head but overall I really enjoyed it