Rooted! PM me if you need help
hello guys , i need some help on this box for the foothold enumeration, the api its not working , i donāt know if its a issue , i conf in my etc/hosts but i dont know its not loadingā¦any hint shall be appreciate , thank you
You are on the right track, keep at it. I suggest adding all of what you enumerate into the hosts file. Beyond that, I am stuck at trying to make v***t work.
If respect is earned, respect is given.
Rooted. Fun box for sure!! As noted, root wasnāt super hard but not completely impractical. Happy to help if anyone needs a nudge.
ROOTED! Pretty cool box!
If anyone needs help ping me
Really fun user and root!
Trying to use curl with T***N and I am getting this response
{
āmessageā: āThe browser (or proxy) sent a request that this server could not understand.ā
}
Honestly, Iām not sure how to get around this. I have tried multiple ways. Can I get some help please? A PM would work!
Heya,
Iāve got the creds and can generate a t**** and I see the e*** function but Iām having trouble exploiting it.
Any nudges would be appreciated.
edit: After messing around with p***** a lot I managed to get a reverse shell.
edit2: And rooted, thank you @TigaxMT for the assistance.
Could someone PM-me some recommendations on how to make the links in the top right corner (eg: https://api.craft.htb/api/) to properly resolve? I always get blocked by annoying sh*t like this which I know must be trivial but never did beforeā¦
Hi guys can someone give me some help plese, Im stuck with the Rev shell
Type your comment> @TurinGiants said:
Trying to use curl with T***N and I am getting this response
{
āmessageā: āThe browser (or proxy) sent a request that this server could not understand.ā
}Honestly, Iām not sure how to get around this. I have tried multiple ways. Can I get some help please? A PM would work!
I was having the same issue and noticed I was typing the quotes(ā ā and " ") wrongā¦ check that
If anyone is getting stuck after RCE and interacting with db (before getting user), and youāre using commands with * to enumerate but getting single responses, try commands that select things 1 at a time.
Thoroughly enjoyed this realistic box! I see most of the hints needed are already given in this thread, but Iāll leave a small hint for breaking out of the jail:
- There are a few things you should never commit.
Feel free to PM for hints/nudges.
Made a bit of progress but getting stuck at e*** . Anyone got any tips?
Type your comment> @clubby789 said:
Made a bit of progress but getting stuck at e*** . Anyone got any tips?
Try running that portion on your machine so you get useful output
@Place1111 said:
Try running that portion on your machine so you get useful output
Iāve got it on my end but I havenāt managed to find anything useful I can do that doesnāt cause an error
Edit: Got user thanks to @Place1111 s tip
Just finished the box. Very realistic. Thanks to @rotarydrone! I will say that Iām very familiar with the tool exploited to get root so that wasnāt too difficult. User wasnāt too difficult. It was more trial and error to finally get my RCE and more enumeration to user. Again, great box!
Need a nudge on user, pm me for a list of stuff i tried. Thanks!