Official Love Discussion

Rooted the box, took a while on initial foothold for an easy rated box, you can spend a lot of time in a rabbit hole on this one. If your nmap output is not increasing your attack surface I would definitely recommend running it with the -A flag.

Root is easy peasy with the right script.

Rooted.

For anyone looking at the forums searching for hints, I’m gonna be blunt and say this: You know what you know and you don’t know what you don’t know! Stop with that TryHard thing!
My hints:

FootHold/User
Let your nmap be aggressive and read the output very carefully! Half of the steps to Foothold lie there! Got it? Nice!
Make the necessary changes. Cool!
Now head over to the “secret” area which was not available before and manually enumerate it very carefully! Like use your EYES instead of firing off gobuster and wfuzz.
Then read about this:

Read it? Now you know what to do!

Take a step back and let the snake take the auto-pilot from there!!

Escalation/System
I’d be real honest here…if you don’t have a solid Windows priv-esc methodology, you won’t be able to do this. It’s more like a hit-error-success thingy. Without giving away much, enumerate registry keys and look for software policies…google a lot and you’ll end up on a famous blog website which explains exactly what it is. From there it’s 2 minutes to system.

I fell into the Rabbit Hole concerning the ***i and lost 2 hours until I looked at it again from the top side. Sometimes you need to take a breather!
Good Luck!
El-Psy-Kongroo!

(Also why the ■■■■ can’t I submit the flags ■■■■)

Edit: Flag submitted- had to revert it two times (sorry if I caused disturbances to others in that time)

For foothold, I’ve found some credentials (username p****e and a password) and tried to use them everywhere I could think of but nothing useful came out of it, is this a rabbit hole or did I overlook something?

Anyone care to PM me on what payload they used for the foothold? I got to the secret area that reads something local, but I keep breaking. Hope that’s not too much of a spoiler. Feel free to PM and I’ll explain more. I know this is the correct path, but I can’t get a load that works.

Never mind, I made a silly mistake. Regard my previous post, lol.

Rooted. I will say I had figured out root to this about a week ago, but I couldn’t get it working. Came back today and it worked second try. Not sure if I needed to reset the box last week or my syntax was off or what, but yeah. Proper enumeration will show you the way to SYSTEM.

Foothold was much harder, and honestly, fun! I enjoyed that one. Shout out to @rancilio for the nudge on foothold.

Hey guys, I need help with the attack. I got the “other site” but am trying to figure out how to proceed. I tried giving it different queries, taking into consideration that it is Windows, but I am still having a hard time working out how to proceed.

Found creds, but unable to login, is this the way?

Foothold and User were relatively fast
Hint: Just google what is right in front of you

Root took way longer than it should have because of rabbit holes and misplaced syntax, but fun nonetheless.

Hint: Some classic enumeration and it shouldn’t take you too long to get there. Don’t rely on scripts, that’s how I fell through the holes…manual should be enough. Once you have it figured out just create what you need, get it there, and make it go.

All in all pretty cool box.

Happy Hacking!

First Windows box in a good while. User had a few too many steps IMO for an easy box, but also, I’m stupid.

User Hints:

As others have suggested, be talkative with nmap, and methodically read the output! There’s something it tells you about that you probably won’t see or find elsewhere, unless you have a lucky guess. In that regard DON’T use a fuzzer or guesser, you absolutely do not need one here. This is a methodical, rather linear box.

Ok, so now you have found your way to something different, cool. Play with it a bit! Don’t try and immediately hack the dang thing, just figure out what it can and can’t do. Where is it being run from? What can it see? Always keep in mind, hacking is difficult, so K.I.S.S…

From here, it should be fairly obvious what to do, a simple cheatsheet will suffice, but keep the platform in mind.

Root Hints:

If you’re not comfortable with your current enum skills, Eat your veggies, and then use google! It knows all.

My shell connection dies every time. Got user using burp and a custom script, but I need a stable shell. Can anyone help me please?

@kurogai said:
My shell connection dies every time. Got user using burp and a custom script, but I need a stable shell. Can anyone help me please?

I hate this thing too, so I use a web shell to be more stable.

Just rooted. Thanks for the hints.
At the root part just had to try again…

I think I know the way to root but no matter what shell I use or what method (Metasploit, PowerShell, etc.) it just doesn’t work. When doing it manually from a shell I get a message about a missing service.

DM me if you are stuck,
I’ll help you.

Rooted! This was a good opportunity to learn some Windows privesc and Metasploit.

PM me if you need some help.

Finally rooted!!!
Feel free to DM me for nudges.

Finally got root too.

User needs lots of enumeration… Look carefully at your initial scan, then don’t forget to configure your system properly and to explore where you can go. Then basic RCE…

Root is not as easy as I read on the forum, because I am not used to Windows boxes, but if you know what you are doing, it is not that hard!!! Look carefully at the output of your enum script…

@htbapibot said:

Official discussion thread for Love. Please do not post any spoilers or big hints.

@sicario1337 said:
@chbale said:

@spaaze said:

I am struggling on this one as well…

Have you considered trying a URL instead of uploading a file and seeing what it does… then using that to your advantage?

@Celebrity said:
Rooted!! Fun Box

I need help, bro, I don’t know where I should start.

I’m new to these and would like if I could get a nudge from someone? I have enumerated as far as I know I think. Any nudge would help. Thanks