Anyone wanting hints : Please don't expect walk-through's. I no longer have the time or the patience to hold someones hand if they cant be bothered to do basic enumeration. Show me what you have tried and evidence of enumeration, then I'll give you a hint
Been a way for a while, came back and gave haystack a go
So everything up untill that very last step is fairly straight forward
found 3 files, know exactly what to edit and where. but for groks sake i cant seem to get that last step working !
Just a couple things.
1 - The hint that says "think like a user". I still don't understand the relevance
2 - Deleting necessary files is just dumb. Make a backup instead !!!
I went for the "Old Backdoor" . …
Trying to get my head around root - I know its something to do with "M*******D" but cant get the syntax quite right
Got told to "think like a user" - which is of no help to me at all as i rarely ever have to deal with users :)
So user was simple
Root - potentially should be simple, got the command i need but missing something on the syntax (probably overlooking something glaringly obvious)
Anyone about to go over some syntax ?
Thats that one done and dusted
I was clearly overthinking one specific step
So there isn't a great deal i can add to this
A retired machine that was mentioned will get you to the first part
Impacket is an invaluable tool for this …
And done !
Everything you need is in this thread
User : Enumerate and then enumerate again
There are a few rabbit holes granted but if you keep digging you'll find what you need
At the point of RCE - make sure your payload isn't too basic (cant …
Oh I'm quite aware it can be reset , as am i aware of where logs are stored - shouldn't have to keep resetting the box though due to some idiot.
Either way, deleting files that are relevant to the box is a really shitty thing to do
Dont take any notice of the error message
Search for the software running - you should find an unauthorized exploit
you may need to do a bit of time travelling as mentioned here
Tbh I disagree with those saying its blindingly ob…
so user was simple - but what the hell is this "easy enumeration" for root ? -
Edited - Probably not a good idea rooting if your tired / had a long day - You'll easily overlook something
shout out to clmtn :)
Got root + root shell
Fairly straight forward
Standard nmap enumeration
Read whats in front of you clearly - specifically what runs on port 80 !
1st user : The box name is a dead giveaway as to whats going on. Leverage your att…
I got to like this one as it progressed, though as a rule i don't generally care for CTF challenges
New users may find this one fairly complex - as always enumerate and read this forum well, it has everything you need
Seasoned HTB users - Just don…
Anyone available to checkover some code ? - don't want to give away spoilers here
Got something to decrypt something , found something similar on google that, with a bit of alteration should do the job . Only issue is, its deleting the file or just…
Boshed this one on the head the other day, found a couple ways - one i think was a bit Dirty and not intended
Anyone out there who got wild with this one care to PM me ? - as I said I've already got the flag, I'm just interested how you got it to w…
anyone available to check some syntax ?
Know the exact exploit for root - the "easy rider" video earlier in this thread is a dead giveaway
Tested it on local machine, cant quite get it to execute on server
Got user - now onto root
IF you are having issues with some things not authenticating, i found leaving it for an hour or so then doing a reset on the box helped.
Initial Foothold -
Step 1: its quite simple - enumerate the usual way. The school c…
so far so good - in via unprivileged user
usual enumeration done, suid files, services etc - Apparently there is an "interesting service" running
usual commands run to show all services - there is nothing that i would call interesting ru…