Official Agile Discussion

HTB Content Machines
43

You can msg me on Discord, LevitatingBusinessMan#0504

44

Just pwned the machine, liked it! Some extra steps to do in order to archive Root but nothing extremeā€¦ Beware of Rabbit holes here and there!

PM me if you need any tips :wink:

45

Hello, if anyone could give me any hints for foothold, I would appreciate it. I tried a lot of things and got some ā€œsensitive-lookingā€ stuff that were not useful. As many here said there are rabbit holes, I donā€™t want to spend too much time in the wrong direction. I could tell you what I found so far.

Cheers

47

Absolutely, I just need to know what you found and tried, I sent you a message related to the topic :heart:

48

Hey I got user but stuck in root can get some hint please pm

49

Hi @Paradise_R can you drop me an hint I did I did port scan and found 80 and 22.

Trying to brut force on ssh now.

any other pointers please.
TIA

50

Can anyone Help me with the box . New to hack the box and have completed the tier 0 and some of tier 1 but still feel lost on how to pwn this box. Any help would be greatly appreciated

51

Hardly you are going to bruteforce a ssh, it is made to be secure, the main practice is generally to access the website and search for vulnerabilities inside it, fuzz its directories and try to find ways to read vulnerable files, sometimes you wonā€™t even get a reverse shell and are going to need an RSA id to log inā¤ļø

1 Like
52

Got user but stuck on root. I think I know what I need to use but just cannot figure out how to use it.

Can I get some hints for root from anyone?

53

To all the freaking idiots out there : youā€™re not alone on the box, so when you luckily find a way to dump the root flag, please be smart for once and donā€™t do it inside the home directory of the user, or at least be kind enough to remove it. Thank you.

3 Likes
56

Oh, donā€™t be so tough with the newbies :flushed:

But yes, please donā€™t dump the files in public directories and also avoid to let your exploit scripts standing there
And rather than dumping flags, try to get reverse shells or otherwise send these files to your own remote machine, this is always a better approach :heart:

6 Likes
57

For anyone coming and needing help, this guide may be useful for you :heart:

  • When you are just a new user, create your account, and see what you can access, you first exploit vector is always going to be common generic user
  • Always fuzz, use gobuster or ffuf and find all directories, use the longest list and let it work on second plan
  • Found an LFI? Always check the source code first, meticulously look its contents in search for something vulnerable
  • Logged in Linux? Linpeas is your friend, if something is colored in vibrating orange, it is almost certainly vulnerable, try at least 3 different attacks in this vector before you give up
  • Privilege escalated to the second user, and now you should again use sudo -l as you always do when logging in a Linux machine
  • If you can use sudo only as another user, focus not in what you can do, but rather what this specific user can do, find which files they can read/edit and think as if you were in their account
  • An edited file means nothing if it doesnā€™t get executed, always focus on editing regular processā€™s files that are executed in the shortest amount of time, otherwise you would need to trick a real person to do something and it would be considerably harder than tricking a machine

I hope this to answer any question from everyone, but if you still need help, you can surely call me, R is always here :heart:

20 Likes
58

Iā€™ve gotten up to LFI and have been able to get the p****d file.
Not sure what to do next. Iā€™ve tried to get the source code but I canā€™t find where it is. The path I think is right: ā€¦/var/www/html/____
Any help would be greatly appreciated!

59

The path is visible in the error logs :heart:

60

PM me, will aswer you there!

61

Need some hints for initial foothold. Got stuck in the login page. Thanks in advance

62

If you are stuck on pe and you are sure you are on the right path, try restarting the machine. The exploit method randomly stopped working for me but I did the same steps again after restarting and it was fine.

64

Thanks will try fuzzer

66

Iā€™m new to HTB. I can ping the target machine, and when I try to go to http://[TARGET-IP] I get redirected. I canā€™t fuzz any directories on the webserver. Iā€™ve reset the machine a couple of times, but I canā€™t seem to access anything on the web server. Is my machine broken, or am I just not trying hard enough? I saw people mentioned a login page, what am I missing here?

67

could it be DNS?