One of the most realistic machines I have done in htb, author did a really good job.
Type your comment> @nospace said:
Type your comment> @zac777 said:
@nospace have you tried using those creds on perhaps a part of the website you found during initial enumeration?
Tried to use them on G**s
It is not working on G**s…Am I missing something?
Anyone available to help me with getting the e*** exploit? I keep getting a failed response from the server with a valid t**** when I have tested the same request locally and it works with the logic of the code on the server
■■■■ i got ssh key from that use repo and it ask for passphrase when im trying to login ?
rooted &&
Rooted - that was a cool one. Getting the initial access was the trickiest part, user and root came with understanding how everything was configured. PM for nudges.
I haven’t commented on a box in a while, but this box was freaking DOPE! Shout out to @luminougat for helping me realize a stupid mistake I was making. It’s easy to do that on this box. I almost felt like I was at work, except having a little bit more fun. Thanks a lot @rotarydrone this box was awesome! I look forward to your next piece.
Just got the root, PM me if you need any hint.
re-edit
Rooted! I have to say, user was super fun and very realistic.Really liked the silicon valley theme too.Root was kinda straightforward ,once you’ve read the documentation.Thanks @LordImhotep for the foothold nudge and thanks @rotarydrone for this amazing box.Keep them coming!
pm for help
Rooted, and first comment on a box ever! But I really enjoyed this box. The techs are super relevant, and the Silicon Valley theme made me chuckle Thanks @rotarydrone , well done!
rooted!
This box is great! much love (:
AWESOME box and very reallistic.
User: You should see a common vuln, just read the code :).
Root: Get new creds, Read the code again, Make some research on the running services and find the secret
PM for hints.
Stuck on this box. Help appreciated
Edit: Now have a foothold revshell but still stuck on progresses to user. Help welcomed.
Oh. my. god.
After two days of struggles I finally got a shell (not even user xD) but I already feel like I accomplished about as much as for root on other boxes.
I did not expect my payload to fail so spectacularly.
Always question your assumptions, people!
And thanks to @d0n601 for spelling it out.
On to user and root I go xD
Could someone message me a nudge? I obviously don’t need the way how to work your way up to User ( which i am still stuck at) but i would love to get a hint on how to proceed. Stuck at the pre user atm. found some interesting things, and already creds for a user on a certain repo. After reading all the comments and hints, i’m still not able to find an attack vector. Many thanks!
Hey guys, any help on the e××× payload craft would be appreciated. Please pm me
Could someone please enlighten me on this one? I have been unable to get any foothold and each request I make results in an 500 internal server error. I’ve tried using the /api endpoint and even it gives me a 500. Can someone help me on this one?