I don’t know why I cannot ping the machine. I have changed vpn servers, recreated the instance, still no luck. What am I missing? (btw. this only happens in release arena, works normal in regular machines)
I had strange timeouts yesterday so I gave up not knowing if it was HTB infrastructure or perhaps a WAF doing its job. Today I realised that my manual approach using a tool did not work but when I dumped file from Burp Suite and let it work with that it seems to work. I can´t see why but I am obviously missing something in the request. Gonna go back later and learn from it, now I at least have found something to work with.
So I feel like normally boxes don’t require brute forcing but does anyone know if it needed here? I feel like I’ve hit a wall otherwise, any insight is appreciated!
This is extremely timeconsuming. I think I know what I want to exfiltrate but I don´t know where it´s stored. And it takes forever to read avery byte. User in 2 hours… I am impressed.
This is extremely timeconsuming. I think I know what I want to exfiltrate but I don´t know where it´s stored. And it takes forever to read avery byte. User in 2 hours… I am impressed.
Maybe being blind is not the right way to read files
As you have found the permission, try different ways of reading files
I had strange timeouts yesterday so I gave up not knowing if it was HTB infrastructure or perhaps a WAF doing its job. Today I realised that my manual approach using a tool did not work but when I dumped file from Burp Suite and let it work with that it seems to work. I can´t see why but I am obviously missing something in the request. Gonna go back later and learn from it, now I at least have found something to work with.
Last night I gave up scanning for anything, this morning scanning I’m finally seeing open ports!
Finally Rooted my first machine done a few hours after release!
User was quite complicated, since my enumeration process did not pick up everything. The tool I used for the foothold did help in some way, although I ended up copying the generated payload and used it by hand at the end.
Root was fun - the initial foothold is right there, however the system does bite back so it is absolutely crucial to understand what happens on the system . I ended up taking multiple steps to get root.
Very fun machine overall (although it took me more time for user than I expected), although I am not sure if there are multiple ways to exploit it since there are some services that I did not use at all in the end.