One of the submission rules for challenges on HTB is that the name should be a clue to solve the box
@3mrgnc3 said:
One of the submission rules for challenges on HTB is that the name should be a clue to solve the box
I meant ČÓÅgĶ·Ķ¼Č , never mind anyway :lol:
For anyone that has an idea on privesc, a pm would be helpful.
Do I have to look into the code? Because I donāt want to waste my time for something not neededā¦
I tried known vulnerabilities and common ways to get Shell but they wouldnāt workā¦
How can I upload PHP file ā¦ It cannot upload anything even a picture
is the machine broken ? it even canāt upload allowed files.
Im thinking that this is one of those āimmersion breakingā machines. The upload is a deadend. I tried creating a new snippet since I noticed they use php. The only hint Ive seen in this box that its related to Falafel somehow but I never completed that so thats dead too or just a rabbit hole. If anyone has a clue how to work up from here can you give me a PM?
i gave up on that, havent got a shell yet but theres plenty of other things to look at on there
I guess if one thing does not work, we need to rethink about it
theres other things on the box if the thing your on is not verking try the other things
login screen ā¦ hmm how to PASS it??? Running out of ideas. Really annoying.
@macw141 said:
login screen ā¦ hmm how to PASS it??? Running out of ideas. Really annoying.
Keep it simple
@drtychai said:
@macw141 said:
login screen ā¦ hmm how to PASS it??? Running out of ideas. Really annoying.Keep it simple
keep it extra simple
@Waffles said:
@drtychai said:
@macw141 said:
login screen ā¦ hmm how to PASS it??? Running out of ideas. Really annoying.Keep it simple
keep it extra simple
User ID is indeed not complicated, but to be honest forum is a bit misleading here (and maybe not even a bit, but quite a lot).
Now the same story with password. Every attempt takes 10 sec. This is really annoying.
tried all obvious pwds and the app intentionally sleeps for 10sec when pwd is wrong.
empty pwd 100ms
wrong pwd 10100ms
#Hint if you are on the login screen , username and passwd are both visible to you.
i got it in the first attemopt, silliest passwd ever seen by me on htb,
also the file upload is a not working, nor can we create a userā¦
as said by sir @3mrgnc3 we have to enumerate more ā¦!!!
@p5yph3r said:
hint if you are on the login screen , username and passwd are both visible to you.
i got it in the first attemopt, silliest passwd ever seen by me on htb,
also the file upload is a not working, nor can we create a userā¦
as said by sir @3mrgnc3 we have to enumerate more ā¦!!!
Sorry for being sarcastic, but what about user ID? Did you also āguessā it?
You are the luckiest person I know.
@p5yph3r said:
hint if you are on the login screen , username and passwd are both visible to you.
i got it in the first attemopt, silliest passwd ever seen by me on htb,
No they are not. At least not user ID.
Yeah , on HTB , i usually try the silliest passwds first, sometimes I get lucky,Like this oneā¦!!!
if you still havent got the username, PM me
Spoiler Removed - Arrexel