This has to be the lamest machine published. It literally took 10 minutes to root. Some kiddies are changing the password, so reboot the machine and be quick. Not sure why the admins of HTB let this box be published. I guess people ran out of ideas.
@MrStfnz said:
This has to be the lamest machine published. It literally took 10 minutes to root. Some kiddies are changing the password, so reboot the machine and be quick. Not sure why the admins of HTB let this box be published. I guess people ran out of ideas.
Only BLUE was lamest to be honest.
First blood was taken in 6 minutes and this is what it takes.
@MrStfnz said:
This has to be the lamest machine published. It literally took 10 minutes to root. Some kiddies are changing the password, so reboot the machine and be quick. Not sure why the admins of HTB let this box be published. I guess people ran out of ideas.
consider new people coming in here, that have zero experience of all this.
having such a box is a good way to not get frustrated and quit.
i mean all new “easy” boxes needed some skills (Sunday and Bounty)
@w31rd0 said:
consider new people coming in here, that have zero experience of all this.
having such a box is a good way to not get frustrated and quit.
i mean all new “easy” boxes needed some skills (Sunday and Bounty)
+1
@w31rd0 said:
@MrStfnz said:
This has to be the lamest machine published. It literally took 10 minutes to root. Some kiddies are changing the password, so reboot the machine and be quick. Not sure why the admins of HTB let this box be published. I guess people ran out of ideas.consider new people coming in here, that have zero experience of all this.
having such a box is a good way to not get frustrated and quit.
i mean all new “easy” boxes needed some skills (Sunday and Bounty)
Very true, plus there are machines that have this service and issue out on corporate networks so it is a good one to learn.
Also by not just using metasploit, if someone is new to the security field - he can learn and practice on some useful techniques. And even if he use metasploit he can learn the basics…
The intended pwn does not work if people change the password. There should be no need to do so. This box is meant to be a confidence builder not a confidence wrecker. Please consider the little ones. We all started somewhere (except me of course who was newly minted whole by the unholy conjugation of a PDP11 and an IBM 9370 ■■■■■). Accidents do happen of course but back in the day dossing your base brought shame on you and your collective. OP has the creds and the exploit. He should not have had to suffer.
@izzie I’m a complete noob on all this computer hacking / ctf stuff, but I get what you’re saying. I don’t really see the appeal in bruteforcing everything or using over-the-top exploits like dirtycow all the time.
I see it done all the time on almost every machine worked on here, when a simple basic enum and a little bit of brain power can do a privesc in less time you need to setup your metasploit module.
First, it’s a pain to work on machines running slow because they are spammed with rockyou.txt attempts, and second, IRL, a sysadmin seeing 1000s of login attempts and CPU peaking at 100% for 10 minutes will sniff a problem coming.
Stay under the radar, folks, try to write (or modify) your own scripts, and most importantly, try to understand what’s going on in the box instead of relying on Linux Exploit Suggester and going hard.
You’ll learn way more, will be surprised how easy it can be to screw up a configuration and open a door for hackers, and most importantly, the satisfaction in finding an elegant solution is really, really rewarding 
As a newcomer to HTB I really appreciate the relatively easy machines, because they keep me away from the despair .
what file should i find after entering the shell. Im new here and got stuck.
@VamSee said:
what file should i find after entering the shell. Im new here and got stuck.
You need to enumerate. :bleep_bloop:
I’m surprised that this box replaced Nibbles. Nibbles was my first box to root, and it was pretty much fun. I had a real hard time to enumerate and try to find the correct exploit. This is relatively very easy.
@Arrexel ! You hear me!? :bleep_bloop:
in my opinion this machine is the weak machine in htb, all you have to do just enumerate, try to brute force and use ***venom to create payload, boom you will get the admin level
All of those complaining it’s too easy. Do it again without msf. Every box here is an opportunity to learn. Anyone can set RHOST and pop shells. Knowing what that exploit does and being able to replicate it through your own script is harder.
Pm for help
I get the flags!! Toss up Outrun!
hey can anyone help me where to find flags
edit = done
Nmap & Google were my friends on this box
I learnt about " *** what is it good for. Absolutely nothing "