Craft

One of the most realistic machines I have done on HTB; the author did a really good job.

@nospace said:

@zac777 said:

@nospace have you tried using those creds on perhaps a part of the website you found during initial enumeration?

Tried to use them on G**s

It is not working on G**s… Am I missing something?

Anyone available to help me with getting the e*** exploit? I keep getting a failed response from the server with a valid t**** when I have tested the same request locally and it works with the logic of the code on the server.

■■■■ I got an SSH key from that use repo and it asks for a passphrase when I'm trying to log in?

rooted &&

Rooted - that was a cool one. Getting the initial access was the trickiest part, user and root came with understanding how everything was configured. PM for nudges.

I haven’t commented on a box in a while, but this box was freaking DOPE! Shout out to @luminougat for helping me realize a stupid mistake I was making. It’s easy to do that on this box. I almost felt like I was at work, except having a little bit more fun. Thanks a lot @rotarydrone this box was awesome! I look forward to your next piece.

Just got the root, PM me if you need any hint.

re-edit

Rooted! I have to say, user was super fun and very realistic. Really liked the Silicon Valley theme too. Root was kinda straightforward, once you’ve read the documentation. Thanks @LordImhotep for the foothold nudge and thanks @rotarydrone for this amazing box. Keep them coming!

pm for help

Rooted, and first comment on a box ever! But I really enjoyed this box. The techs are super relevant, and the Silicon Valley theme made me chuckle :smiley: Thanks @rotarydrone, well done!

rooted!

This box is great! much love (:

awesome box - thank you @rotarydrone !!

AWESOME box and very realistic.

User: You should see a common vuln, just read the code :).
Root: Get new creds, read the code again, do some research on the running services and find the secret :wink:

PM for hints.

Stuck on this box. Help appreciated

Edit: Now have a foothold revshell but still stuck on progressing to user. Help welcomed.

Oh. my. god.
After two days of struggles I finally got a shell (not even user xD) but I already feel like I accomplished about as much as for root on other boxes.
I did not expect my payload to fail so spectacularly.
Always question your assumptions, people!

And thanks to @d0n601 for spelling it out.

On to user and root I go xD

Could someone message me a nudge? I obviously don’t need the way to work your way up to User (which I am still stuck at), but I would love to get a hint on how to proceed. Stuck at the pre-user atm. Found some interesting things, and already creds for a user on a certain repo. After reading all the comments and hints, I’m still not able to find an attack vector. Many thanks!

Hey guys, any help on the e××× payload craft would be appreciated. Please PM me.

Could someone please enlighten me on this one? I have been unable to get any foothold and each request I make results in a 500 internal server error. I’ve tried using the /api endpoint and even it gives me a 500. Can someone help me on this one?