limelight

About

Username
limelight
Joined
Visits
1,150
Last Active
Roles
Member

Comments

  • Thanks to @Harbard for getting my mind right for the pivot. I was stuck on some well known syntax that just doesn't work. Just some trial and error with how things get parsed and what gets executed that you may not expect... very cool box. hostname…
  • (Quote) Standard Linux enum script should turn up binary. Well document website with how to use such binaries for privesc will show you how.
  • Type your comment> @md101 said: (Quote) .1.101 has dependencies on another box. I come back to this one towards the end.
  • Type your comment> @Baggster said: (Quote) You have done all the machines that don't have dependencies within the primary subnet. Look at the hostnames of all the boxes in the lab write-up. That should give you some hint as to a candidate that m…
  • Type your comment> @jb12345 said: (Quote) internal service running
  • Type your comment> @achsooistdas said: > Got all flags execpt the flag "Again and again". Could anyone please point me in the right direction? Thanks :) Fully enum the DB on NIX04
  • Using cewl to create a word list from scraping a unique site may give you words not in rockyou.
  • Type your comment> @dievu5 said: > Anyways, a nudge in the right direction is certainly appreciated. Research a tool that can help you generate a custom word list based on what you have been able to access.
  • Type your comment> @shaunography said: (Quote) You must root for a flag, but I would look into using sshuttle to pivot which does not require root creds. one of the other user creds you have found is static and will work for all of the remaining…
  • Type your comment> @0x00Name said: > Type your comment> @limelight said: > > (Quote) > @limelight I'm in the same situation. Can I DM you with specifics? (Trying not to spoil anything on this thread) Sure, feel free to DM w…
  • I don't think this gives too much away... What might a developer use to help present dynamic content on a website? That thing is vulnerable. Look at the HTTP responses. There is a small clue of what flavor is being used based on the type of server t…
  • Type your comment> @austincoats said: > Hey guys, I've made some decent progress but I'm getting a bit caught up on initial shell on NIX02. I found the flag under the M* user and have tried enumerating known files. Could anyone provide a bump…
  • Foothold is definitely something I have not seen before. I needed a nudge in reading through these posts to catch on. FOOTHOLD: the developer left a breadcrumb. the doctor knows about a different type of injection. #whoami && id &…
  • i completed the entire Dante lab with a colleague a few weeks before taking the OSCP exam in early September. There are many things in Dante that you will not need to do on the exam (Active Directory attacks, pivoting, etc.). However, the level of …
  • Type your comment> @smugglebunny said: (Quote) Which of these boxes would you think might have connectivity to 'admin' machines listed on the lab write up?
  • Type your comment> @j1024z said: (Quote) ^ This. I recently passed with 100pts. It's about time management and being good at enumeration. My 25pt box was pretty tough but the others were very straightforward once you found the thing. I posted my…
  • @voodooraptor look at using sshuttle with the SSH creds you have found. You won't be able to use nmap, but should be able to do manual enumeration from the pivot box.
  • Type your comment> @BaddKharma said: (Quote) Just my $0.02.... I think HTB is doing a bit of a disservice by advertising this lab as "beginner". I think some folks without any experience go into it thinking it will be accessible materi…
  • Type your comment> @BaddKharma said: (Quote) Can confirm, I was never able to get comms sorted to Dante with the TCP option (per the directions already mentioned). Only the default UDP config worked. Because that wasn't an issue for me, I never …
  • Type your comment> @dtwozero said: (Quote) Feel free to DM me. I have done the entire lab.
  • Type your comment> @sT0wn said: (Quote) Remember there are a few boxes that have dependencies on others. It could be one of those boxes does not have a path until you make progress elsewhere. For Webmin, careful analysis should give you working…
  • Type your comment> @LegendHacker said: > Type your comment> @limelight said: > > (Quote) > used the find command but still nothing interesting :( Don't look at ownership. Look at contents.
  • Type your comment> @LegendHacker said: > i am actually really confused for user 2 looked at so much stuff, but no result. Any hints? What is a file that could belong to another user?
  • nice box. I had a tough time seeing what was in front of me for root. I had just not seen that before and for some reason my enumeration of processes did not turn up the vector. The clue about looking at what an editor has accessed is a really good …
  • The boxes in the public portion of the labs are pretty straightforward and the methods you have used for HTB will apply. I would recommend you find at least one box that will let you practice manual SQL injection. It’s a bit of an art form and synta…
  • I have completed the entire lab, so feel free to DM me with what you are stuck on and what you have done.
  • I would say this box is still on the easier side when it comes down to it. That being said, it took me a while to figure out what needed to be done, even after getting a foothold. I needed a nudge but definitely learned something new about creds. A …
  • Type your comment> @GlenRunciter said: (Quote) Agree, a colleague of mine who runs our OSCP training cohort and I did this lab last week and thoroughly enjoyed it. There are definitely things that are similar to OSCP prep.
  • I just finished the entire lab as part of an eval (under a different user - htbahx). You can DM me (limelight) if you get stuck. Please tell me in advance what you have tried.
  • For all interested in this lab, while described as 'Beginner', there are quite a number of dependencies and tech challenges given the network topology. I think it's closer to a medium level lab.
Avatar

Howdy, Stranger!

Click here to create an account.