Admirer

And there’s that pesky shell.

root@admirer:/# ifconfig | fgrep 10. | awk '{print $2}' && whoami
10.10.10.187
root

Many thanks to @segf4ul7 for a little sanity check along the way. Fun one for my first new box experience.

Some comments from my side: as mentioned numerous times, enumerate and use ffuf, which is much faster.

Please stop resetting the systems so frequently; the whole process is supposed to be entertaining, not frustrating.

As always feel free to drop me a message in case you need a hint.

Cheers @polarbearer & @GibParadox.
Had a lot of fun with this and learnt a thing or two along the way. Bit too CTF for me, but was still a lot of fun, will be revisiting it in the future.

Can’t get anything to begin with, it’s blocking everything.
Any hint for how to begin?

Not an easy level. It is harder than the previous machine, Magic (Medium).

Initial foothold:
*** ssh bruteforcing is not needed nor for any other service ***
*** READ EVERYTHING, DON’T BE LAZY, you will miss hints ***
1- enum as much as possible, and read everything. This should give you the first access.
2- once you get the first access you will be able to perform more enumeration on hidden things.
3- have patience, this is where mostly everyone gives up, but you shouldn’t. The enum will finally come and will land you on a page.

User:
1- open that page and then search about it. Now get user, since you found that page everyone is talking about on here.
2- once you have your acting face set up and ready, think about what you need to obtain. Things might not seem alike.

Root:
1- inspect everything so you don’t fall in a trap and disappear.
2- learn how to take control of the things. Sometimes it’s hard to spot what waldo has; googling about his powers here helps.
3- the trick is well known, but for this box it will need tweaking and learning about it. Persistence is key.
4- once you know how to change the flow, get your root.txt.

Don’t give up. The initial foothold was the toughest, just to make you give up.

Anyone got a nudge on the A******.p** login page?

This was a very cool box, I really enjoyed it. Definitely frustrating in some parts but a cool learning experience!

Right, guys.

It’s been a couple of days now, and we have seen all sorts of reactions to Admirer.

We designed this box with a few things in mind:

  • Attention to detail is crucial in pentesting.
  • Enumeration should ALWAYS start from the very basic. Never skip anything, no matter how simple it seems.

We also wanted a cohesive, realistic flow, and hopefully with some learning points for people from all skill levels.

While we are loving the positive feedback we are getting, we understand not everyone is happy (this is a given, I guess), but we are satisfied with the overall feeling, so thanks to everyone for that.

We put quite some work in the design and implementation of the box, and it was an amazing learning experience which we are proud of.

Is the level rating wrong? Maybe… but, if you look at what needed to be done after rooting it… did you need any advanced techniques? If your answer is no, then maybe the rating is correct, and it was all about perseverance, and not pure technical skills.

Again, thanks for the feedback. We will be back (if Egotistical agrees haha)

PS: We have probably spent a similar amount of time answering “hint queries” as we did in creating the box… :wink:

@GibParadox and @polarbearer this box rocked. Was my first one where I got to ride from the start. Not gonna say I didn’t have some frustrations along the way, but that’s what makes it really cool when it all comes together in the end.

It’s not a cakewalk, but it’s quite doable and I learned a fair bit. Thank you!

That took a while! Well made box. Wasn’t a huge fan of the fuzzing but the root was an interesting problem to solve. Needed a tiny nudge to know if I was on the right track. It’s easy to spot but takes some patience to solve I guess.

Rooted. Thanks to @GibParadox and @polarbearer for a very cool box. It took me a lot longer than I thought… and I needed some advice from @thuune and @dinosn for the final step. I have done all of the easy and medium boxes on HTB in the last few months and I would say this was one of the more difficult ones. Attention to detail is very important. Agree with @GibParadox on it being more about perseverance. But I will say you need some technical know-how in the end. I learned several things that I’ll use in the future, so what else can you ask for?

ifconfig | fgrep 10. | awk '{print $2}' && whoami && hostname

10.10.10.187
root
admirer

Ok, I rooted this box, spent way too long on root. I have a question though: people are talking about user 1 and user 2. I only needed to get 1 user before root. Could someone PM me for more details?

@guanicoe said:

Ok, I rooted this box, spent way too long on root. I have a question though: people are talking about user 1 and user 2. I only needed to get 1 user before root. Could someone PM me for more details?

Just one user and then root - all is good.

Congratulations to the authors. This box was really fun, tricky and smart. Definitely worth your time.
