rooted this box. I would rate this as medium, not too easy especially on user
Tips on root, be creative. If shell doesn't pop on your listener, find the alternative ways.
finally i got root…
i did not know i can use sudo in this way… this is no way easy, i think rated medium is more fair.
@sirbowen said:
finally i got root…
i did not know i can use sudo in this way… this is no way easy, i think rated medium is more fair.
Surprised the ■■■■ out of me too. I am not even sure how I stumbled on an example of how to do it. I did not like this box at all. But having learned that makes it worth it.
@limelight said:
Rooted. thanks to @GibParadox and @polarbearer for a very cool box. It took me a lot longer than I thought… and I needed some advice from @thuune and @dinosn for the final step. I have done all of the easy and medium boxes on HTB in the last few months and I would say this was one of the more difficult ones. Attention to detail is very important. Agree with @GibParadox on it being more about perseverance. But I will say you need some technical know-how in the end. I learned several things that I'll use in the future, so what else can you ask for?
ifconfig |fgrep 10. |awk '{print $2}' && whoami && hostname
10.10.10.187
root
admirer
Yeah I agree, the tech know-how is a must… I would need to polish my web searching skills (proper keyword search), I have been going merry go round on a command which I never used in this way before…
@StrongAle said:
@4mph15b43n4 said:
Hello, first time posting here. So, I found the login page with that famously known service. I tried all the credentials (found on the lowest port on c**********.t**, i****.p** and d*_***.p) but nothing works. Am I missing something? I read about the typo but I'm lost… From what I know HTB machines don't require brute-forcing so I didn't even try. I would appreciate a nudge. Thank you!
I'm at the same point… Any hints?
Same here. Any hints?
Got user. Nice so far.
i got user yesterday finally but what i notice is that this box is getting reset all the time as well.
NO NEED
also no need at all for dirb dirbuster or whatever
just read carefully ,what you found first .then think logically and find the info manually .
Then google fu and you will be on the box hopefully but again think what you want when you find what you have to exploit.
Then for root i am still trying but people reset and it is unstable : (
as always
but so far i find the box cool and yeah i got into tons of rabbitholes until got user but that's what it is ,this way we learn
can someone give me a hand on the d…e, i keep getting a "connection refused"
edit: @coffeeBLK thanks for your help, got it working now
Fun box. Very creative. Thanks to the makers. I'd rate it as a medium. My tips:
There is a reason Kali comes with so many lists.
There is a reason why your tools have so many switches.
The reason it is good practice to remove banners is to increase the difficulty of finding an exploit. So if you find a banner, it is a gift.
When something is new, it is…new.
In Unix, everything is a file. And files are based on paths.
If you need a nudge, will be glad to help if you PM your current progress.
@GibParadox said:
Right, guys.
It's been a couple of days now, and we have seen all sorts of reactions to Admirer.
We designed this box with a few things in mind:
- Attention to detail is crucial in pentesting.
- Enumeration should ALWAYS start from the very basic. Never skip anything, no matter how simple it seems.
We also wanted a cohesive, realistic flow, and hopefully with some learning points for people from all skill levels. While we are loving the positive feedback we are getting, we understand not everyone is happy (this is a given, I guess), but we are satisfied with the overall feeling, so thanks to everyone for that.
We put quite some work in the design and implementation of the box, and it was an amazing learning experience which we are proud of.
Is the level rating wrong? Maybe… but, if you look at what needed to be done after rooting it… did you need any advanced techniques? if your answer is no, then maybe the rating is correct, and it was all about perseverance, and not pure technical skills.
Again, thanks for the feedback. We will be back (if Egotistical agrees haha)
@GibParadox In retrospect I liked this box. As you mentioned, basic skills, not too many steps, no custom exploitation. However my entire team felt that it was not an "easy" box. Let's forget the argument for a second that difficulties here on HTB might not make sense to begin with, as a lot of it depends on which techniques you know. In general I'd expect an easy, non-fiddly almost guilty-pleasure like experience from an easy box. And boy, this box was fiddly as ■■■■, which got me extremely frustrated and caused me to rate it less favourably. I wouldn't have the same expectation from a medium/hard box and would not get me this frustrated. I think that's why the ratings are what they are.
Can anyone give me a hint on how to use the credentials on the login page? I read about the service but can't seem to understand why my login attempts get rejected. It seems like I'm missing something :neutral:
Rooted…!
Foothold: enumerate with different wordlists.
user: be a hound or r***e and you know what to do.
root: Just do basic enumeration and think what do you do before you flash your mobile.
Happy hacking
Got it!!! Finally!!
Great Machine!!
Just rooted.
All you need is already in this thread.
But I have to agree with ppl saying it's not an "easy" Box.
Root part is "tricky"… good for me, I'm familiar with the technology involved ;).
Rooted, every possible hint has already been given on this thread.
Foothold/User:
some say you don't need dirb/dirbuster and that is just a logic guess, others say to use tools with certain options. Both are right, no one is wrong. In a pentest you'd probably want to use a tool to make things fast and ensure you covered everything, so I'd say if this box gives you the option to sharpen your tools and learn more, do that.
Root:
Actually enjoyed this one a lot. Standard enum combined to basic knowledge of how linux works.
I hated the box for the initial foothold at first, but as others have said, looking back at it, it was actually a good box. The box throwing creds at us at some point was frustrating at first, but I understand the intent (try every possible thing, and when you realise that doesn't work, move on ). Underrated box.
rooted, the root part was really amazing and really easy
ROOTED as well .
So my 2 cents
Great box @polarbearer and @GibParadox .
I did end up into a lot of rabbitholes, but i don't regret it ; )
in the end the more we struggle the better our google fu .
And also proper reading as well.
NO bruteforce needed ,no dirbusting or whatever .
Just after you get the initial file .Think about .read once again and manually try to find what's next.
After that you will be overwhelmed with info …
Try to read again what you have ,to research the technology etc.
For root once you see it yes needs a bit of little tweak to work thanks @t4lo i was missing smt small : )
Rooted, finally! That initial foothold was crazy and got me up to speed with some never-before-used options in fuzzing tools. : )
I was too, getting "Connection refused", thanks @troet for helping out with that.
Root was so much fun! Thanks @polarbearer and @GibParadox.