root@bountyhunter:/# id
uid=0(root) gid=0(root) groups=0(root)
Great easy box. Foothold & User was interesting for me as I have never personally used that method. Root was pretty straightforward. Just follow the instructions! :))
Foothold/user: Spent more time than I should have. Classic enumeration pointed me in the right direction but struggled with the exploit, since I was not using the proper filtered payload.
You should use the exploit to access the file that enumeration discovered.
Root: See what can be done and use it to your advantage.
Foothold/User: Think about file extensions as you enumerate and then Burp is your friend. Read up on your OWASP techniques.
Root: Read the “tool” and then think about ways to make it do what you want it to do. I’m sure there are many ways, but I found one that worked for me to accomplish what I wanted to do.
Good to be back on HTB! Well, I don't mean to brag, but I really think it is too easy to be HTB standard. But I like the fact that this box motivates beginners to encourage themselves.
Hints are already here. But if you get stuck you are welcome to PM.
Not sure how to feel about this box, it had a weird overall feeling. I spent a lot of time on the foothold for two reasons:
1°) I’m an idiot, which is on me.
2°) I could read some files, and some others I couldn’t. So I just wasted a lot of time trying to guess what I thought was an unusual file system.
The root part is very CTF-like, not what I enjoy the most even though it’s always good practice because it pushes you to read code and understand what’s going on.
Thanks @ejedev
Thanks for spoiling the root! Someone’s leftovers are doing everything for you. I did reset the machine and now I’m trying to make it by myself. DELETE YOUR STUFF !!!
Foothold/User: Once you have identified the web vulnerability… try all possible attacks from different sources (portswigger, hacktricks, owasp, medium, etc.). One or two of them will take you straight to exploiting successfully and user eventually.
Root: typical privesc enumeration will take you there. Need to read and try to understand what code does. Then play with it and you will get a ticket to root.
Please make sure to delete your files or restart once you complete the machine. It’s not funny to find “unintended hints”.
Rooted. Thanks to @obfucipher for the nudges. Was nice to know I was on the right path every time, just pointing my payloads at the wrong thing or slightly out of line…
Finally rooted the box. Thanks to @htbuser01 for help.
User:
1) I just narrowed down my vision and kept hitting and expecting different results.
2) Start from scratch. And make sure you enumerate the webpage properly (this was my mistake).
3) Understand what you send.
4) You can read the file. But for the interesting file you need to filter it.
Root:
1) Understand what the code is doing.
2) And search for how you could use that part of the code for your own use.