Anyone I can PM about fighter? I’ve logged into the members page and can also get some data the same way I got creds for the page, but everything I can find on running code is not working. Not much I can put on the forum without spoiling unfortunately. Just wondering if I have something unintended, a rabbit hole or I just need to try harder. =P
I’m at a similar spot, I’ve got a login and have looked for more information where I got the creds. However I can’t seem to find any way to run code. Any nudges? Feel free to PM if you can’t give a little nudge without spoiling previous steps.
@Morfaroth said:
I’m at a similar spot, I’ve got a login and have looked for more information where I got the creds. However I can’t seem to find any way to run code. Any nudges? Feel free to PM if you can’t give a little nudge without spoiling previous steps.
+1
I do not know the creds for forum but found a way to run command in system.
I cannot upload standard executable file
@smjogi you won’t need to upload an .exe since it’s windows… there are other ways to get shells without an executable if you have command execution. I still have not been able to get even user with a shell though and I’ve dumped a ton of time into it. It’s a tough box, probably the best one I’ve worked on in HTB honestly. Usually the box name has some reference to initial or privesc but I’m not sure this one does.
@excidium said:
Anyone I can PM about fighter? I’ve logged into the members page and can also get some data the same way I got creds for the page, but everything I can find on running code is not working. Not much I can put on the forum without spoiling unfortunately. Just wondering if I have something unintended, a rabbit hole or I just need to try harder. =P
I’m at a similar spot, I’ve got a login and but i don’t looked information for the creds
Anyone can give a hint to me?
Spoiler Removed - Arrexel not working why?
hi, can somebody give a hint on logging into the members area? i found an injection point, but all I can dump is either gibberish or encrypted.
thx!
Yay finally rooted.
hardest box ive done yet.
This box was a tough fight … But learned a lot from this.
got shell. and priv esc, working on the final step for the flag if anyone can assist me with a hint. I have one of the key parts but i need another part.
nvm
found the member page and found a vulnerability which I am exploiting. I was able to get some data out which should have provided me auth access to portal but continue to get an error message…
I need a hint on getting the root flag. Please someone PM me
*** I finally got the root flag. Its was fun and i learnt some things*** Thanks to hendrikvb, valkyrix and echel0n1881for their hints and help
i got injection and can see some Wb T***b any hint how to move further
can someone pm me to validate what I have found so far and guide me a step forwards? I am trying to exploit the old members site.
I could use some help, if someone could PM me.
*** Just when you think you’ve tried everything and you feel like reaching out for help, only then do you dig deeper…and find the page ***
Can anyone PM about where i can stick the needle? (so to speak)
ask someone does this link work .streetfighterc* ?
@XXYXZX said:
@valkyrix said:
[…]
thanks, think i found it. not just to figure out how to actually get into the site ._.Let’s just say that this step is simpler than you might think. A lot of funkiness going on there but stay old school and straightforward.
This means that I am missing something - if I am not ready with bruteforce after one week, then I do it wrong right?