Celestial hint

Hi Could someone PM me how to advance (trying to get user access), I can’t find “the article” everyone is referring to. Thanks!

@BobBobbington said:
Hi Could someone PM me how to advance (trying to get user access), I can’t find “the article” everyone is referring to. Thanks!

I pm you

@s2233 said:
Waiting 5 minutes wouldn’t be so bad if the box could stay up for more than 5 minutes at a time…

yeah wait 5 min but how about someone changes your script to a reverse shell in these minutes, deleting your script and crashing the server :-1:

As I’d been asked per PM - I rooted it, but I would be interested in discussing details of others’ reverse shell code over PM. I wrote my own script for piecing together the exploit, and I tested snippets of code for creating a reverse shell. I’d like to understand why and if some shells are more stable than others - even if they all use the same core code that actually makes the connection …

Should possibly correct that spoilery wording…

@kekra said:
As I’d been asked per PM - I rooted it, but I would be interested in discussing details of others’ reverse shell code over PM.

I am really most interested in learning what features would generally make a reverse shell stable (in whatever programming language) in an unreliable environment such as this box is … Scrolling back in this thread shows that others also said the same code was working for them at one day, and then the other day not.

What I should also add: I became a VIP member yesterday, so when I finally rooted it - using a seemingly good version of the code - I was working on a more stable machine.

SyntaxError: Unexpected token

   at Object.parse (native)
   at Object.exports.unserialize (/home/sun/node_modules/node-serialize/lib/serialize.js:62:16)
   at /home/sun/server.

Whenever I try to get the reverse shell I get this. Why is it so? Can someone please tell me?

Just pwned this - If anybody needs some hints DM me

;-; whyz you needz hintz

Whenever I am running the exploit I am getting
An error occurred…invalid username type

Why is it so? Can you help me?

nvm got it

@stevv said:
Whenever I am running the exploit I am getting
An error occurred…invalid username type

Why is it so? Can you help me?

Feel free to PM me - I’ll try to help debug it with you

Hi everyone,
I try to get the user’s flag via the cookie to inject system commands but without success.
I get this page:
“Hey Dummy undefined + undefined is NaN”
I think it’s a syntax error but I’m not sure.
Can anyone PM me to debug this with me please?

@stevv said:
Whenever I am running the exploit I am getting
An error occurred…invalid username type

Why is it so? Can you help me?

nvm got it

I am stuck on that bit, could you PM me what you changed? I think I’m missing something obvious

Can someone help me here? I'm in the last step of priv escalation but not getting the s**** back, but when I manually run it, it's getting a connection back.

Hi all, I’m sending the exploit correctly, however I don’t seem to be getting a response, any tips, PM me?

If somebody needs any help, PM me.

@xtech said:

@s2233 said:
Waiting 5 minutes wouldn’t be so bad if the box could stay up for more than 5 minutes at a time…

yeah wait 5 min but how about someone changes your script to a reverse shell in these minutes, deleting your script and crashing the server :-1:

Hey @xtech I 100% agree with you. That is something I personally had not considered when designing the priv esc. It definitely makes things trickier in the free HTB environments. I can’t undo the damage in this case unfortunately, but I definitely have a solution to prevent a poor design choice like this should I use a similar technique for a challenge in the future.

I really appreciate you speaking up about that issue, it forced me to really think about the design of machines for HTB, and come up with a better way to implement something like that later on.

@s2233 said:

Hey @xtech I 100% agree with you. That is something I personally had not considered when designing the priv esc. It definitely makes things trickier in the free HTB environments. I can’t undo the damage in this case unfortunately, but I definitely have a solution to prevent a poor design choice like this should I use a similar technique for a challenge in the future.

I really appreciate you speaking up about that issue, it forced me to really think about the design of machines for HTB, and come up with a better way to implement something like that later on.

Yeah, I knew the solution to get root but waited for the next day to execute it due to that guy who kept changing my script. However, the user exploit was good. Anyway, thanks for your contribution :slight_smile:

Hi, I am terribly new. I got how to use Burp. But I keep getting the invalid username.

Please PM me with a point in the right direction.

@muckitymuck said:
Hi, I am terribly new. I got how to use Burp. But I keep getting the invalid username.

Please PM me with a point in the right direction.

Coffee break and come back :+1:

Still struggling on my 3rd day with this machine…hmm…still at getting user flag - got the payload but keep getting HTTP error code 500 - unexpected token - even though I send the user etc. in the payload request - any hints please PM me, thanks.