@krisp33 said:
i have user and im trying to send dr-s**y to my attacker machine, and nothing is working. I tried scp, wget, and curl.
When you can’t send it, try to rather pull it 
@krisp33 said:
i have user and im trying to send dr-s**y to my attacker machine, and nothing is working. I tried scp, wget, and curl.
In addition to @HomeSen’s excellent (as always) advice, you might consider if you really need to copy it to your local machine. As far as I can remember, you can find all you need on the box.
Spoiler Removed
Man, the 502’s been there for like 45 minutes…
Thanks to @Hyp3rDrive for his guidance about running d****r I got a user shell last night and wanted to keep working on the box this morning but eh… Another time.
Great box so far though, a lot harder than anything I’ve done before, which kinda feels good actually 
@dragonista said:
Man, the 502’s been there for like 45 minutes…
If you have the time, please report this to HTB. Even if they are fairly dismissive (as when I reported it 
), it will give them metrics which highlight the problem.
Type your comment> @dragonista said:
Man, the 502’s been there for like 45 minutes…
Thanks to @Hyp3rDrive for his guidance about running d****r I got a user shell last night and wanted to keep working on the box this morning but eh… Another time.
Great box so far though, a lot harder than anything I’ve done before, which kinda feels good actually
Switching servers solved the problem for me
I got a reverse shell with user “git” in a doc*** cont*** apparently. That is the correct way? after that, how i get root access into doc*** cont*** or to host? (Sorry for my english, I’m argentinian). Thanks.
I could really use a hint for the root part. My brain might be fried after all I had to go to get there and now I’m clueless lol. I ran several enum scripts, looked in every folders, tried different approaches, nothing’s worked, I really have no idea what I could be missing !
@dragonista said:
I could really use a hint for the root part. My brain might be fried after all I had to go to get there and now I’m clueless lol. I ran several enum scripts, looked in every folders, tried different approaches, nothing’s worked, I really have no idea what I could be missing !
Enumeration is the key and most of the enum scripts should have found the interesting thing. If not a manual find will flag it, as it doesn’t normally appear in Linux. When you find it, examine it, see what it does, hijack it, get root.
Hi guys,
I have seen through this discussion that I need to start by using Nmap because it shows you the first piece of information that is going to help me solve this challenge but, to be honest, I do not know what I am looking for. I see the machine has 3 open ports, I see the version of the services that are running on the machine, I see the methods supported by the webserver, but I do not see anything that can help me get the G page everyone is talking about. Any hint would be really appreciated.
Ty.
Type your comment> @davidcp said:
Hi guys,
I have seen through this discussion that I need to start by using Nmap because it shows you the first piece of information that is going to help me solve this challenge but, to be honest, I do not know what I am looking for. I see the machine has 3 open ports, I see the version of the services that are running on the machine, I see the methods supported by the webserver, but I do not see anything that can help me get the G page everyone is talking about. Any hint would be really appreciated.
Ty.
As a test if you have noted the name referenced in your nmap scan output, have you tried curl -H 'Host: «name»' 10.10.10.216? (Pardon if obvious but your question read to me as if this might be the stumbling block here.)
@davidcp said:
Hi guys,
I have seen through this discussion that I need to start by using Nmap because it shows you the first piece of information that is going to help me solve this challenge but, to be honest, I do not know what I am looking for. I see the machine has 3 open ports, I see the version of the services that are running on the machine, I see the methods supported by the webserver, but I do not see anything that can help me get the G page everyone is talking about. Any hint would be really appreciated.
Ok first - this is not an easy box really. I know it is rated easy but it isn’t.
I strongly suggest you work through the starting point boxes before you move on to this, or even some of the stuff at https://academy.hackthebox.eu/. The reason I suggest this is that you may need some practice on the methodologies and most of the machines in the live category don’t really provide this.
Failing that, look at what output nmap has given you. Go to the places it tells you are open. For example, if it says a web server is running, visit it in a web browser.
If nmap says its using a domain name, add that to your hosts and visit it in a browser.
Finally rooted !
It took me quite some time to get the foothold, but at the end, it was very interesting to reproduce everything on my local machine. I feel like it’s a very good practice for beginners like me and even though the difficulty level is not really “appropriate”, maybe HTB rated it as easy because they want beginners to take/understand that approach of working ???
Anyway, thanks to @0xc45 for the nice box, and also to @Rudex and @Hyp3rDrive for the nudges. I should definitely read everything more carefully !
Feel free to pm if you need a nudge.
Definitely the hardest easy box I’ve done, just down to the amount of effort required to get foothold. Still relatively new here and I worked on this box for easily 12-15 hours over the course of a week (albeit I spent a lot of time writing python to practice my vuln automation). I was so fried by the time I got to root that I was staring directly at the answer for an hour before I called it a night. Woke up the next morning and knew exactly what to do. If you’re struggling at any point, read through this whole thread, all of the answers are here in some form or another.
Some additional advice that I haven’t seen in the thread:
- Don’t inherently trust POCs, if they don’t work out of the box, then look for another or try and map out what’s happening and write it yourself.
- Software Versions are important
- If you’re building a new VM, snapshots are great right before you install anything that you may make a mistake on… Reverting a snapshot is way quicker than reinstalling an OS.
If you want help from a noob, feel free to reach out, I can try help point you in the right direction!
Type your comment> @TazWake said:
@dragonista said:
Man, the 502’s been there for like 45 minutes…
If you have the time, please report this to HTB. Even if they are fairly dismissive (as when I reported it
Funny enough, when i tried to do that, I believe yesterday, the support page was unnaccessible, lol.
I can’t submit the root flag. I tried three times with three different flags and it doesn’t work, so I submitted two tickets, one regarding that 502 issue, and another one for the flag. That’s weird though, I tried three servers, waited a whole night, reseted the machine, but… neh.
Anyway, regarding the machine, now that it’s rooted, thanks to @TazWake who held my hand for the last step (literally, I’m ashamed I missed that lol), I can say that it’s definitely not an easy machine even though the root part is like… one of the first thing you learn in hacking ? x)
There’s plenty of help and hints available for the way up to user, for root I’d only say that maybe it’s been a nightmare for you to get there, but don’t forget difficulty is always relative to your skillzZz, right ?
@TheFlanman91 said:
- If you’re building a new VM, snapshots are great right before you install anything that you may make a mistake on… Reverting a snapshot is way quicker than reinstalling an OS.
I know right ? I went through the whole installation process three times… 
@dragonista said:
I can’t submit the root flag. I tried three times with three different flags and it doesn’t work, so I submitted two tickets, one regarding that 502 issue, and another one for the flag. That’s weird though, I tried three servers, waited a whole night, reseted the machine, but… neh.
Thank you for doing this. I know it is a bit tedious but the more people who submit tickets, the more HTB will be able to understand where problems lie.
This machine definitely isn’t easy, took me a few days of attempts before I even got a foothold, and I only really found user because apparently google wanted to be kind to me today. Root was very easy in comparison if you do your basic enums.
I’d say this box is still harder then most of the medium ones. Just remember to not rely too heavily on automated tools. Sometimes you need to do things yourself.
I needed a nudge to get started on this one because my searches didn’t find anything that looked helpful, and I went round and round and round overcomplicating things. Now knowing what the answer is, googling the question is easy, so some advice: Think about what you have found, and what you would like to get. And follow the money.
It this is too spoilerish plz delete.
I’m really curious though as to how people managed to root this box in about two hours. Just the setup needed to get it done is already time consuming, plus the time required to figure out what you gotta do… Do people have 2TB of VM ready to be fired up ? I really feel I’m missing a lot on the enumeration/setup phase.
Type your comment> @TazWake said:
@davidcp said:
Hi guys,
I have seen through this discussion that I need to start by using Nmap because it shows you the first piece of information that is going to help me solve this challenge but, to be honest, I do not know what I am looking for. I see the machine has 3 open ports, I see the version of the services that are running on the machine, I see the methods supported by the webserver, but I do not see anything that can help me get the G page everyone is talking about. Any hint would be really appreciated.
Ok first - this is not an easy box really. I know it is rated easy but it isn’t.
I strongly suggest you work through the starting point boxes before you move on to this, or even some of the stuff at https://academy.hackthebox.eu/. The reason I suggest this is that you may need some practice on the methodologies and most of the machines in the live category don’t really provide this.
Failing that, look at what output nmap has given you. Go to the places it tells you are open. For example, if it says a web server is running, visit it in a web browser.
If nmap says its using a domain name, add that to your hosts and visit it in a browser.
I will follow your suggestion.
Thank you!