Official Love Discussion

Official discussion thread for Love. Please do not post any spoilers or big hints.


Comments

  • edited May 6

    So excited!!! .. Made it to top 25 ... Thanks @pwnmeow

    User

    Attack vector is right in front of you... Basic reconnaissance is all you need... Keep in mind, not always do the paths need to be the same... Just go with your instinct and correct the path.

    Root

    Don't we all LOVE misconfigurations #convenienceoversecurity... Finding it is easy especially if you LOVE vegetables...hahaha

    Feel free to DM in case you need a nudge :wink:

    In case you are still stuck after trying everything, u might wanna watch this :smiley:

    sicario1337

    Happy to assist and 'Respect' is always appreciated
  • Hey, thanks for that. The foothold tripped me up a bit but after I thought about what I knew and what you said it clicked.

    Interesting little method you don't see often like that.

    :) rock on

    @sicario1337

  • Rooted, was a fun box. Was challenging but not frustrating. Agree with enumeration for user, pay close attention to services and what information is on them.

    DM for nudges if needed, good luck and have fun :)

  • Spoiler Removed

  • really easy!

    my advice

    When a lot of attack vectors are in front of you, try simpler things first.

  • I can read files, but don't know how to use this. Help, guys.

  • Just rooted/system'd this box, however got stuck for a long time on root -- I was actually entering the right commands, it was (I think) because of my shell. For people that have rooted this box - do you know why I was getting errors with m*****c.exe when running from my e******rm shell? Thank you!!

    Hack The Box

  • edited May 2

    Rooted. IMO not the easiest box based on the amount of attack surfaces. Root was a lot easier than user.

    How does someone get user in 8 mins? It probably took me longer than that to find a working rev shell :smiley:

  • @coopertim13 - I ran into the exact same thing you did. I also don't know why it didn't work.

    Arrexel
    eJPT

  • I've rooted the box but I'm quite frustrated that I couldn't exploit one of the foothold attack vectors. This is probably a more advanced S**i scenario, if anyone has managed to work with that I'd be curious to find out how you exploited it...

    lebutter
    eCPPT | OSCP

  • @Exci said:

    Rooted. IMO not the easiest box based on the amount of attack surfaces. Root was a lot easier than user.

    How does someone get user in 8 mins? It probably took me longer than that to find a working rev shell :smiley:

    By organizing notes and tools.

  • Rooted!

    User

    • Don't waste time and threads!
    • Focus on the results that came from tools ;)

    Root

    • A tool can #suggest it for you ;)
  • edited May 2

    Rooted. But I'm not sure this is the right way.

    • I tried to use the exploit several times without success for the final part. For most people this still works, not sure if it's been patched.

    • This box is very frustrating especially the root part, but I learned new things. If you need help, always available to answer your questions. ;)

    Arrexel

  • edited May 2

    Fun little 'easy' box for people new to HTB to learn from. I don't know if I just spend too much time doing web challenges but I didn't have much trouble with foothold.

    My Windows local enum is so weak, so it took a while before deciding to switch to a popular script to speed up the search and as soon as I saw and recognised the Windows 101 escalation vector, I kicked myself and got SYSTEM right away :)

    I need to do more Windows boxes!!

  • edited May 2

    @whitewhale said:

    Fun little 'easy' box for people new to HTB to learn from. I don't know if I just spend too much time doing web challenges but I didn't have much trouble with foothold.

    My Windows local enum is so weak, so it took a while before deciding to switch to a popular script to speed up the search and as soon as I saw and recognised the Windows 101 escalation vector, I kicked myself and got SYSTEM right away :)

    I need to do more Windows boxes!!

    Did you look at the Ap******r rules?

    Arrexel

  • It must be easy to me but I couldn't find the way. Can someone give advice with a spoiler via DM?

  • Anyone willing to ping me with a nudge on footholds? I'm still learning (only been doing literally any hacking for about a month, if that). I've done all of the enumeration I can think of and dug into pretty much all of the subdirectories. I even did some SQL enumeration for way too long. I definitely feel like I'm overthinking this and a nudge would be very helpful.

  • For user :
    Think basic and look at your nmap.
    Try to analyze the service's functionality and understand what could be done along with what's exposed and what's not.

    For root:
    Easy privesc .. use your scripts well and not much enum needed...

    Have Fun!

  • Nice easy box, I like the foothold. I didn't think about it in the first place and forgot about some other services running, so I had some time banging my head, but overall I really enjoyed it.

  • Is it normal that I have all ports filtered??? This is the first time that I face such a problem.

  • just rooted: thank you @OldProgrammer for the root part.

  • rooted. any help. just dm. as always :)

    Eat-Sleep-Shit-Repeat Security
    kragle
    If I helped you, you may +1 with respect

  • @Doncrek said:

    Is it normal that I have all ports filtered??? This is the first time that I face such a problem.

    Make sure that you are connected to the correct VPN package.

  • edited May 3

    Rooted, it was a fun easy box!

    Foothold/User: read carefully the output from initial enumeration. After you understand what you can do, be curious to see where you can look into. When you arrive in a certain place the steps to gain access to the box are simple, basic exploit.

    Root: classical enumeration script will let you know where to look into. There are several ways to conclude, all documented in google.

    Thanks for the box!

    alemusix

  • Great Box. Root is straight forward (follow your process)

    User

    • Enumerate what is out there
    • You may get access denied... but does everything get 403ed?
  • OK, rooted. As has been said before, root is easier than user. Must be a multitude of ways in but you can do the whole box with a popular framework in about 2 mins. Fun box tho, enjoyed it.

  • Rooted!

    C:\Users\Administrator\Desktop>whoami
    whoami
    nt authority\system
    

    User

    Keep it simple, read your scan output. You'll find something that helps analyze everything you're seeing initially. Once you find the first big clue use that information to auth and then normal enumeration should grant you a user shell. Remember to read exploit code!

    Root

    As mentioned earlier, the vegetable will lead you to success. Make sure to read every line. Once a certain ability sticks out click the associated link and the example will be right in front of you. :)

    Feel free to PM for a nudge.

    Unix fanboy
    Website: 0xAsh.io
    Ashh

  • edited May 4

    Spoiler Removed

    windows 7 10 is my rig :) if it can't be done on windows, i fail.

  • Feel free to DM if you are stuck with a full explanation to what you did
  • edited May 4

    Managed to root this yesterday evening... argh!!

    The actual foothold isn't hard once you get the right path. Root is very simple once you do your standard parts. Be careful to not go too far down the route of breaking ha... I mean hearts... that's only going to cause you pain later.

    da1y

    OSWE | OSCP | eCPPTv2

    I rarely check private messages, if you do ask for help, show your workings. I don't reply to wall posts.
