Celestial hint

Hi,
I’m new to this field and would like to know where can i find hits to that machine. If should be one of the easy ones … still I only see port 3000 open on it …

just don’t overthink on this one

hmm… ok, anything else ?

Better to work on the things that u got

So do I … I’m stuck. Hints are welcome.

search about the running service

I’m trying the exploit but I just keep getting a connection reset in Burp. Not sure what’s wrong. Followed the instructions

Ok - first - this may be a spoiler so take it into consideration.
Now - I managed (using burp suite) to fin the following: “username”:““,“country”:”“,“city”:”“,“num”:”
Question is - where do I enter this username and these creds? ?

@eransh10 They Might not be needed. See what else can you change with Burp

Anyone on privesc?

I’m trying to work on the privesc but people keep resetting the box :anguished:

@jatinluthra14 - Do you have a reference of good burp tutorial ? I’m kinda new in the hacking space …

Watch ippsec’s videos he uses it extensively since web servers are pretty big attack surfaces.

There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.

Privesc at least how I did was classic and simple, kind of a let down with how novel(compared to other htb boxes) the initial foothold is.

hi @mercwri - would appreciate a link to this article…

@eransh10 I won’t link it the thread since it basically is a spoiler. But the solution to getting a reverse shell is easily found if you look at what is running and search for common exploit methods to be used against it.

So i’ve figured out what I need to do via Burp so that I get different responses but I’m struggling with what precisely I need to change to get a foothold. I can manipulate the responses but right now all I seem to be able to do is print different messages or get errors from the server.

I’d appreciate a nudge or helpful DM. Thanks guys!

Any hints on priv esc?

@meni0n said:
Any hints on priv esc?

Look at the user’s home and you have all what you need.

i am having hard time with getting foot hold - if someone could PM for hints plz

@mercwri said:
Watch ippsec’s videos he uses it extensively since web servers are pretty big attack surfaces.

There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.

Privesc at least how I did was classic and simple, kind of a let down with how novel(compared to other htb boxes) the initial foothold is.

not sure if i am doing a spoiler , done some research.
according to your hint i may need run some nodejs functions on my rig , then paste them inside the cookie ? am i on the right track ?