Official discussion thread for Backdoor. Please do not post any spoilers or big hints.
Can someone give a small hint? I feel like I enumerated the full Website and haven’t found anything useful.
Maybe try to look up some ebooks on the topic.
Box felt CTF like, but I like how it forces you to really think about what you can gain with the tools given. I ran into the intended path as a last resort since I ran out of ideas of what to check. Lesson learned
Learning to read is important, but more so is understanding what to read. Especially, when you want to know information about procs running.
Basic enumeration will catch this, maybe research some “how to” guides when you see that interesting job.
Hey, can anyone give a little hint on the foothold? Fell free to dm me if you prefer to talk there.
make sure to manually enum plugins
Finally got root. It was a fun box. If need a hint, send me PM.
- This was the tricky part for me. I had to download some reading material on the topic to understand how everything works.
- This part involves some guessing. If you are familiar with linux and you got some basic scripting skills you should be fine. After I found what I was looking for, all it took was a google search and I was in.
- Pretty much straight forward. Check what you got access to.
Anyone getting errors in executing the obvious thing during the initial foothold?
I spent a long time trying the intended exploit without success until I saw people mention in HackTheBox discord that you should use release arena. I had been trying to launch release arena all day but got “no machines available” error. When it finally allowed me to boot a machine, my exploit worked fine! Note that I had tried resetting the public (non-RA) box and it didn’t help… Just in case other people are having similar issues, try switching to release arena xD
I’ve found the ebxxk LFx vuln + dx credentials to wxxdprxxs but can’t see the path forward.
There are tons of potential files to enumerate and so far could’nt find any other interesting plugins/vulns.
Will appreciate any nudge’s
Bet you did some network enumeration at start, dont forget about it and try to use vuln that you found to get more info. 0x0ff3ns1v3 tip about on what you need to pay attention is really helpful
Rooted after getting a nudge.
For foothold: Once you’ve found the obvious vuln don’t neglect to follow guides on finding info about running services and don’t forget to manually review output. I missed this for a while
PM for help but let me know what you’ve already tried
definitely read all of the above posts for foothold and for user.
foothold to user - script or fuzz, be curious and experiment if it helps.
Root - i had to get a nudge for root. and then i STILL had to read the man page/docs backwards and forwards.
but the clues are visible for sure.
This was definitely an interesting box.
I you go through all of the previous message in here you will find what you need.
- foothold: just be “aggressive” while looking around
- user: what’s happening on the system?
- root: pretty easy, you should have already noticed that from the previous steps. Look at the arguments.
Interesting I was not able to find what I needed with nmap but found it with masscan.
Thank you, @hkabubaker17 for this!
Found the path to expose file contents, retrieve DB name/user/pwd, found a user but can’t use any information to do anything with, stuck here…
Anybody would give help (PM ?)
I’m right there with you @darkenum, usually at this point I have a clear direction but this time I’m just spinning my wheels.
EDIT: nevermind, ended up getting it after really taking into account what a lot of people where saying. Pretty fun challenge.
Alright… after much enumeration of all files I still don’t know which one to read… Could be that I’ve read it already but missed something. Any help welcome - feel free to PM!
were you able to figure it out? I found a way to upload but still a VERY restrictive environment
Hey Hi; I am facing issues with getting a reverse connection, Is anyone else facing this issue ?
I experienced same kind of pb… you have to tried many times the command and then it will pop in your listening console…maybe a conexion issue, don’t know …