I would rate this box as medium.
I would definitely recommend using a Windows VM for certain steps.
You can use MSBuild, part of Visual Studio, to compile a project.
I couldn't figure how to compile directly…
My hints for user :
-Read the output carefully.
-When you find something useful, you should try it in different places.
My hints for root :
-Research the system, and you will find something useful.
-Research again and you will find about a vuln…
Type your comment> @GPLO said:
It's a secret directory, and under it you should find the py file you are looking for.
Use a common wordlist, no need to go with big ones.
Just in case, check you are using port 8080 and not 80.
To be honest, I don't give credibility to any comment in HTB regarding the difficulty of a machine, and I might suggest the same to anybody who joined HTB recently. What seems easy now, might not have seemed easy in the past.
Nice box, I enjoyed getting user.
Type your comment> @B3LL4T0R said:
The first part is pure CTF. Focus on the message in the main page.
Focus on a function you would like to exploit.
From there, develop your attack.
As far as I am concerned, it's simply a list of binaries that could lead to priv escalation.
Use the search bar in order to check specific binaries.
It's public informatio…
Type your comment> @pentester94 said:
People in OSCP reddit seem to be using it.
Maybe you can contact them to confirm, but since it's not a tool related to automated explo…
Hints for user :
-Once you are in, read the manual. Read it till you find something interesting.
Hints for root :
-The answer is in front of you the moment you get user. I went down a rabbit hole and I can understand why people might overthink it…
My hint for root.
-Check the different folders till you find something interesting, then try to form a connection.
-Most of the times there's a Linux alternative to work with certain proprietary Microsoft files. However, I wasn't …
Type your comment> @bumika said:
I feel I am closer then. Thank you, I will try again today.
EDIT No luck still. I am wondering if the pair of creds are a rabbit hole.
EDIT2 Thank you @Rholas I was missing one tiny part in my approach.
Type your comment> @k3tchup said:
Same spot as you.
I would appreciate a nudge.
I played with Powershell without luck.
* InvokeCommand gives me errors despite using correct credentials
* Not able to send a reverse shell through that u…
Hints for root :
* Enumerate processes.
* Research about them in order to understand what's going on.
* Eventually while researching you will find a vuln. The exploit was unstable for me and it took some time to get it to work. It's just a matt…
Thank you to @0PT1MUS for the hints provided.
My hints for user :
1º You can use TTS, or record yourself with a mic. There are different online TTS services available, but only one worked for me in the end. I would share the name, but apparently i…
My hints for user.
1º There's one evil function that can be abused.
2º If your reverse shell dies fast, try with a different one. No need to complicate things.
You are getting an exception since you are doing something the ap…
Here are my hints ...
1º It's important to enumerate in this box, but Dirbuster won't lead you where you need.
2º When you are starting with one HTB machine, it's a good practice to try the Vhost (name of the machine) + .htb. In some i…
Have you converted it to the proper format? It should work with rockyou
I suppose you are trying your attack in the root directory.
Search for another directory where your attack would work.
1º The obvious exploit is not going to work.
2º Read articles about the vulnerability, and you will find an alternative approach. There are tons of articles about it.
3º Once you do your research, remember that not all home direc…
Sorry for the repost, but I would like to make a comment regarding Beep and the SSL problem, in case it might be useful for somebody in the future who is training in the retired machines.
I struggled with SSL problems trying to use the most obvious…