Heist

Ok, HUGE hint.

You don’t need to do anything with processes, do the same thing you did for user.

USER:
enumerate, can you use these anywhere? enumerate more, did you get anything? login.

ROOT:
remember it is easy, read. Find it? Sometimes the old Rocck music just doesn’t do it for yyou. When that happens I like to go online and try to see if I can find other groups, that will play for me. < I think this is unintended actually, let me know if you got it a different way!

Let me know if you need help.

Hi, help user. username = Haz***?

Hint for user: The metasploit module to speak to a high port service once you have the right credentials does NOT seem to work while the already mentioned ruby scripts do. Metasploit will tell you to check your credentials even though they are correct. The metasploit module to check the credentials does work though. So don’t get fooled by this.

On user:

I’ve confirmed that I have the right credentials for the 5*** port with other htb users on discord. With the metasploit module w****_****n I get “login successful.”

I’ve tried the ruby script already mentioned here as well as the ev**_****m tool. They all just time out. If I use the wrong credentials I get auth errors back from the ruby scripts, but with the right creds I get (HTTPClient::ReceiveTimeoutError).

I can reach and enumerate the SMB share and log in fine, the HTTP server on 80, etc. The only time I’m getting this is with the two tools already posted here that everyone else seems to be using fine. I have all the gems installed and working as well as the latest ruby -v.

I reset the box and tried right after, just in case this had something to do with:

@maxo13 said:
PS. Some people are trolling this machine, few hours ago the data storage directory had changed permissions, so no one else could access it with user privileges.

But even after the reset I still get the timeout. Any help is appreciated, feel free to DM!

Any hint to crack secret 5 pass?

@ParlaxDenigrte said:

On user:

I’ve confirmed that I have the right credentials for the 5*** port with other htb users on discord. With the metasploit module w****_****n I get “login successful.”

I’ve tried the ruby script already mentioned here as well as the ev**_****m tool. They all just time out. If I use the wrong credentials I get auth errors back from the ruby scripts, but with the right creds I get (HTTPClient::ReceiveTimeoutError).

I can reach and enumerate the SMB share and log in fine, the HTTP server on 80, etc. The only time I’m getting this is with the two tools already posted here that everyone else seems to be using fine. I have all the gems installed and working as well as the latest ruby -v.

I reset the box and tried right after, just in case this had something to do with:

@maxo13 said:
PS. Some people are trolling this machine, few hours ago the data storage directory had changed permissions, so no one else could access it with user privileges.

But even after the reset I still get the timeout. Any help is appreciated, feel free to DM!

I have encountered the same problem.
Finally I ran the ruby script in Windows.

It appears that I might have some kind of ‘bug’ with my smbclient and I am not able to correctly list or get the files in the shared folder. Can someone PM me for assistance?

@zfyra said:

Any hint to crack secret 5 pass?

you best ask John, he would know

@hanter said:
Hi, help user. username = Haz***?

nope

Stuck on priv esc, first Windows box. Have spent a lot of time looking through the directories, need a nudge, pls PM me.

Finally rooted thanks to @sazouki, if anyone needs any help feel free to ping me

User Owned…
Trying to Root…
Any Guide ?

For Root: I have a k**4.d* file but it’s locked. Am I on the right track?

OK well I have been down rabbit holes for ages now some of my own making where I thought I had way more user names than I actually did due to misreading an output.

Collected and cracked the three pw’s in the first hour and patted myself on the back, even pretty sure I have worked another user name out from the posts on here, but I can’t pop the shell on the high port with either r**y nor can I get access on the low ports.

Sifted through everything on 80 with burp page by page including the scripts.

Lost time with ruby but learnt a bunch about that on the way. Pretty sure that is all working, at least the errors now seem to be about authentication, but I am buggered if I can find the missing piece and get the initial foothold.

Pretty sure I am missing something obvious but I’ve spent hours trying combinations on both the low ports and the high ones, tried the imp****t script and even tried the python method.

So can someone please PM me with a nudge?

Just got the root, there is something with the “fox” but you need to search it in the right way and right places.
Just PM me if you need a little push!

Rooted.

This one turned out to be a bit of a pain for me. Per my last post I never got any connection to w***m to work from Linux. HTTP on 80 worked fine, S*B worked fine, and the metasploit w***m_l***n module worked fine with “login success” on the proper creds.

None of the ruby tools posted here ever connected. With the wrong creds I got auth errors, so I was communicating with the box. With the right creds everything times out.

I had to switch to a Windows 10 VM and then use En***-*******on with P****S**** to connect and get user and root.

I can’t think of a good explanation why I can be connected to the S*B share one min. then have an auth error on w***m, but then time out. Yet connect the next min. with the same creds from a Windows host. If you are having problems with getting your user shell and you are sure about your creds, then try Windows if you can.

Overall though, really fun box and forced me to do a ton, thanks for the good time!

Rooted !!!
If anyone needs help, PM me

root owned. PM me for help

New to HTB and security domain. Done the nmap, got some open ports, after that got stuck. Any suggestions?