Netmon

HTB Content Machines
1

Starting the thread. :slight_smile:

2

first

3

user is so easy lol !

4

wish i woke up earlier to get firstblood

5

When you regret not going for first blood

6

Never thought that there will be an easier box than Jerry lol

7

lmaoooo the user !!!

8

Its the PR** ****ig **le a rabbit hole?

9

jeez I cant see anything after user

10

User is easier than I could have imagined. I am totally lost on root. My first box was Access and I couldnā€™t figure out how to do root on it. Hopefully this one is a little easier than access to help me understand some basic priv esc.

11

Oh wowā€¦ The user flag is easy. lol

12

@KaotiqCJ said:
User is easier than I could have imagined. I am totally lost on root. My first box was Access and I couldnā€™t figure out how to do root on it. Hopefully this one is a little easier than access to help me understand some basic priv esc.

Yeah I was the same. Iā€™m working on a few avenues for root access atm.

13

Found creds but they donā€™t work where I expected.

But the box is extremely slow now - maybe heavily brute-forced?

Edit: Sorted out - ā€˜think like a userā€™.

14

Got Root. The obvious app is the path forward once you get user. Keep googling the app and you will find tutorials and conversations that will give you everything needed to get this box.

  1. Find something juicy.
  2. That juicy thing doesnā€™t work out of the box. ā€œThink like a userā€. Modify a piece of it. Youā€™re in.
  3. Find a way to blindly ā€œalertā€ yourself. Depending on how you do this, there may be a step 4: Utilize that famous windows service to profit (via Impacket)

PS. NO BRUTE FORCING REQUIRED. I doubt the password is even in any wordlists. Donā€™t waste your time and destroy the box for anyone else.

15

User was unbelievably simpleā€¦ Still stuck on root, though. Found the l**** page with n***, and tried to get in by using default creds, but nothingā€¦ A little weary to start brute-forcing yet; Iā€™d rather exhaust other avenues before getting too hacky. Also noticed a W****** S***** vuln. Tried to exploit but didnā€™t workā€¦ Anybody else making headway?

16

please stop bruteforcing ā€¦

17

do people change the creds ? I got them in 2 ways but i cant l*****

18

Type your comment> @peek said:

do people change the creds ? I got them in 2 ways but i cant l*****

Having the same issueā€¦ And was thinking the same thing as wellā€¦ Finally managed to get creds the same two ways Iā€™m thinking you probably did too, and neither workedā€¦

19

honestly im so bored i could publish them, I expect someone to confirm them before.

20

to find the creds do we need to look inside the box??