Magic

HTB Content Machines
362

Rooted.
Very nice box, pm for nudges. :smiley:

363

Great box. Enjoyable and relatively easy for those familiar with standard concepts. The root priv-esc is one of those; youā€™re either familiar with it or youā€™re not, but it is very simple cyber-101 stuff and, for those not familiar, the hints on here are discreet enough to aid you if you look at them carefully. Thanks to @TRX for a solid machine.

364

yay! rooted!

Enough tips in this threadā€¦ very simple once you spot the right file

365

Great box for me, especially since I am starting, I have learned a lot.

366

Iā€™ve got user 3 days ago but cannot take rootā€¦ wtf? can anyone help me, please? Iā€™m totally stuck. Thank you.

367

@IvanGlinkin said:

Iā€™ve got user 3 days ago but cannot take rootā€¦ wtf? can anyone help me, please? Iā€™m totally stuck. Thank you.

Find a file which might be useful, look at what it is doing and then exploit the road it takes.

368

can someone help on how to get user i am as www-data i have some creds from d*.**p5
but then i am stuck

369

Can someone give me a little nudge for the initial foothole?
From what Iā€™ve read itā€™s simple, but I have know clue what to do.
I found ln.php and u*d.php but I only can interact with first.

370

@mava said:

Can someone give me a little nudge for the initial foothole?
From what Iā€™ve read itā€™s simple, but I have know clue what to do.
I found ln.php and u*d.php but I only can interact with first.

If you google for what you are trying to do, there is a post which should be one of the first results and is full of useful information.

Other than that try uploading various things to confirm what is and isnā€™t allowed.

371

@xenofon said:

can someone help on how to get user i am as www-data i have some creds from d*.**p5
but then i am stuck

Try dumping to see if anything useful comes out.

372

i have uploaded my image but I get a Page not Repsonsive Error when I go to the image

373

Tried what I thought the box name suggests but didnt work, can I have a little help? DM

374

@inc0gnit0 said:

i have uploaded my image but I get a Page not Repsonsive Error when I go to the image

If it is a legitimate image, the box might have a problem.

If it is an attack, either your attack hasnā€™t worked or it needs to be executed in a different manner.

For example, command shells which rely on a GET request need to be requested with a command otherwise it doesnā€™t really know what to do.

375

@H0ru5 said:

Tried what I thought the box name suggests but didnt work, can I have a little help? DM

If you google what you are trying to do, the answer is in one of the first hits.

376

Rooted, fun box, its a great feeling to use magic, pm for nudges.

377

Great box. After the disgusting ServMon, it is like a breath of fresh mountain air. As usual, if you are stuck - write to me in PM.

378

Rooted. The foothold was very easy, user needs a bit of enumeration, and then direct way to rootā€¦

Awesome box, thanks a lot @TRX !

Pm me if stuck.

379

Very fun box

380

Why is the image getting deleted as soon as I am uploading?

381

Type your comment> @Anu said:

Why is the image getting deleted as soon as I am uploading?

Seems like thereā€™s a cleanup that happens periodically. Just be ready with your file just in case ;).

Fun box - very magical experience. Here are some hints to try and help - donā€™t think itā€™s too spoilery but sorry ahead of time if it is.

Foothold - web browsers and servers are stupid - trick it into thinking itā€™s getting what it things its getting. file extensions can be magical and together
User - enum for something, then enum some more with that something. you might need to create your own mechanism for this if the foothold is too janky
Root - super basic enum techniques worked for me instead of tools (the results were overkill). find something sticky, string it up, see where it leads you

Happy to help with judges if you want to PM :smile: