Obscurity

HTB Content Machines
, , ,
723

@dragonista no not every box is like this. For root, its just a watch, grab and crack …pretty disappointing

Overall

foothold…well that was funny. I liked the beginning
User hat from my point of view nothing to do with reality. It was more like a riddle…extremely ctf style and really frustrating :confused:

Well, root was OK, at least not the typical gtfo bin usage ^^

Tldr: a really messy box ^^

724

Well done @clubby789 thank you a lot, I have enjoyed your box … keep good work.

725

Rooted.

726

manage to get user the old fashioned way…never managed to solve the crypto…I would really appreciate if someone could send me a PM to explain to me on how to solve it the crypto

727

I am in the last step for root

I asked my friend john and he gave me what i wanted. But when i use that, i am not getting into the place where i want to go.

Am i doing anything wrong?

Edit:
Nvm, figured it out. :smiley: :smiley:

728

Rooted, PM me if y’all need a nudge or two

729

Type your comment> @Krocko said:

manage to get user the old fashioned way…never managed to solve the crypto…I would really appreciate if someone could send me a PM to explain to me on how to solve it the crypto

Can you share de answer whit me too plz ?

730

Looking for a nudge on RCE. Can someone PM and I’ll tell you how far I’ve gotten?

731

tried dirb, gobuster, dirbuster nothing seems to work, any hint?

732

Really fun and easy box if you love coding.
You can PM me if y’all need a nudge

733

Working on reversing the encryption.

734

wow, first box where I got root shell before I got the user flag. Might not be the intended way (skipped crypto) but oh well, rooted.

735

is burp needed after finding a py file?

736

Yesterday 3 hours ı couldn’t not catch the root flag but I got it in half an hour today.
I have to learn to look right…

737

Type your comment> @sau123 said:

is burp needed after finding a py file?

Nope! I’d recommend you to use a fuzzing tool like ffuf GitHub - ffuf/ffuf: Fast web fuzzer written in Go

738

If you know python and a bit of linux its not too hard. Aside from that pretty cool box.
Ps: Feel free to PM me if you’re stuck.

739

Really enjoyed this box… tests your code auditing/understanding and was able to flex some dev muscles. Root complete! PM for nuggets.

740

O M G
I’ve been running on this thing for 3 days and finally rooted.
The hardest part for me was the user and I ended up writing my own code for reversing (read here somewhere that this is not necessary but I’m not sure how).
For root - I wrote some more bad to “steal” the output before it’s gone, and then I used Mr. J to help. Really hope this was the intended way.

Tips:
Foothold - pay close attention to the notes left on the landing page. I didn’t use dirb or anything of that sort… it’s pretty straight forward.

User - well, I’ll repeat someone above with a bit more context: you have f(x)*k = t you have t and f(x). Now you have to reverse the math…

Root - You can do stuff when someone else’s code is asleep

741

Also, regarding foothold and this box - it very much lives up to its name!!!
All this obscurity led me to chasing ghosts of LFI for hours. Took all that time to figure out is impossible with most file extensions.

Another thingy - did anyone get a shell before the user? is that even possible? I tried for hours and gave up.

742

guys, im stuck at the beginning, I appreciate your help… how to enumerate this box? I tried gobuster, dirbuster and ffuf… couldn’t lead to anything …