No, it wasn’t need to run the image on local.
Ok you are logged in one of the dashboard with admin creds. Thats one thing, but there are more login pages.
Try to check another login page and the data that you can input, you could find this data in the image.tar again.
ROOTED finally. This machine really annoying me. XD
bro I got the d*** and m*** login but I didnt find the credentials for e**** user. not sure on how to get the inbox to get that link.
Edit: I got the way to login into the mail with and change name. Tried SSTI but that is not working.
Got user, but I admittedly don’t know enough about gpg and now I’m stuck. Can anyone DM me for some pointers, please?
Edit: Google finally paid off. Got root. Nice box, @ctrlzero!
when you created one account, it created another account on another webapp. You’ll need to confirm your settings changes there before your shell will pop.
Yes, you’ll need the phrase. gpg2john can help. Hopefully that’s not too much info.
1 Like
Got User. Confused on Root. Are we trying to go from C*** and then Root? The method is a little confusing, but I have the paper that was mentioned in the email from C*** to E****. Not sure how we go about doing this though.
Lol nice. OK I got the key and decrypted it. Now I’m just trying to see what to do with it
ROOTED! Great box @ctrlzero ! Hellava ride that was! Learned some good stuff. Much thanks to @clure for pulling me out of rabbit holes. If anyone needs some nuggets, feel free to PM me. Got a detailed write-up of the steps I took.
Rooted! Personally, didn’t like the box that much. But there were some good challenges and learned a lot of stuff. This was a hard box for me but quite a good combination of exploits were there. DM if you are stuck
1 Like
loving this box so far!!! im stuck where to get the email invitation, any hints?
Check in something you can download from the web server. Use your grep skills. Hope that helps
any help with how to find ad*** hash in i****.t*r ?
Look in a file where usernames and passwords are typically stored on web backends. If you’re in the tar, you’re probably staring right at the file. Hope that helps.
1 Like
First and foremost some of ya’ll are idiots for providing hints to lead people in the wrong direction. Those that provided enough info for a correct nudge, thanks. That being said:
Foothold: Don’t listen to people that said to look for creds like it means something in the t** file. There is something else you should be looking for that will ‘invite’ you to create something. From there use your skills to get your foothold.
User: Not basic enumeration but massive enumeration. Can’t really give a good hint here as the method is straight forward.
Root: There is something that you have access to that you didn’t before that can lead you to root. Just like user, can’t really give a good hint as it will give the method away. Very straight forward.
1 Like
Good challenge with several little, known tricks combined with a less common variation of a well known class of web vulnerabilities. Enumeration is the key factor. I think there are some simple “unwritten rules” on HTB like:
-
if you find a password in one place, you should test it at other places
-
if you find an open web connection, you should find all accessible sites
-
if you can register a new account, you should register it
-
if you have some source code, you should analyze it
-
…
2 Likes
I am stuck after I logged in to bolt.htb … any nudges!
Where exactly are you stuck in the process? Feel free to DM me and I’ll give you some nugs