Official Backdoor Discussion

Official discussion thread for Backdoor. Please do not post any spoilers or big hints.

1 Like

Can someone give a small hint? I feel like I enumerated the full Website and haven’t found anything useful.

3 Likes

Maybe try to look up some ebooks on the topic. :wink:

4 Likes

Box felt CTF like, but I like how it forces you to really think about what you can gain with the tools given. I ran into the intended path as a last resort since I ran out of ideas of what to check. Lesson learned :slight_smile:

Tips
User
Learning to read is important, but more so is understanding what to read. Especially, when you want to know information about procs running.
Root
Basic enumeration will catch this, maybe research some “how to” guides when you see that interesting job.

3 Likes

Hey, can anyone give a little hint on the foothold? Fell free to dm me if you prefer to talk there.

make sure to manually enum plugins

2 Likes

Finally got root. It was a fun box. If need a hint, send me PM.

Tips:

Initial vulnerability:

  • This was the tricky part for me. I had to download some reading material on the topic to understand how everything works.

Foothold:

  • This part involves some guessing. If you are familiar with linux and you got some basic scripting skills you should be fine. After I found what I was looking for, all it took was a google search and I was in.

Privesc:

  • Pretty much straight forward. Check what you got access to.
2 Likes

Anyone getting errors in executing the obvious thing during the initial foothold?

1 Like

Rooted. It’s an interesting box; personally, acquiring user was the most challenging part.

Tips:

Foothold:

  • Make sure to enumerate everything on the web app. Once you find it, it’s going to stand out. From here on, Google is your best friend.

User:

  • After you get a foothold, take a step back and look at what you got. How can you find out what that bizarre thing was about? 0x0ff3ns1v3’s tip is very helpful here.

Root:

  • Basic enumeration will get this. Make sure you take your time to understand what it does.
1 Like

I spent a long time trying the intended exploit without success until I saw people mention in HackTheBox discord that you should use release arena. I had been trying to launch release arena all day but got “no machines available” error. When it finally allowed me to boot a machine, my exploit worked fine! Note that I had tried resetting the public (non-RA) box and it didn’t help… Just in case other people are having similar issues, try switching to release arena xD

Hey Guys

I’ve found the ebxxk LFx vuln + dx credentials to wxxdprxxs but can’t see the path forward.
There are tons of potential files to enumerate and so far could’nt find any other interesting plugins/vulns.
Will appreciate any nudge’s
10x

Bet you did some network enumeration at start, dont forget about it and try to use vuln that you found to get more info. 0x0ff3ns1v3 tip about on what you need to pay attention is really helpful

Rooted after getting a nudge.

For foothold: Once you’ve found the obvious vuln don’t neglect to follow guides on finding info about running services and don’t forget to manually review output. I missed this for a while

PM for help but let me know what you’ve already tried

1 Like

definitely read all of the above posts for foothold and for user.
foothold to user - script or fuzz, be curious and experiment if it helps.
Root - i had to get a nudge for root. and then i STILL had to read the man page/docs backwards and forwards.
but the clues are visible for sure. :sunglasses:

This was definitely an interesting box.

I you go through all of the previous message in here you will find what you need.

  • foothold: just be “aggressive” while looking around
  • user: what’s happening on the system?
  • root: pretty easy, you should have already noticed that from the previous steps. Look at the arguments.

Interesting I was not able to find what I needed with nmap but found it with masscan.

Thank you, @hkabubaker17 for this!

Hi there,

Found the path to expose file contents, retrieve DB name/user/pwd, found a user but can’t use any information to do anything with, stuck here…:frowning:
Anybody would give help (PM ?)

4 Likes

I’m right there with you @darkenum, usually at this point I have a clear direction but this time I’m just spinning my wheels.

EDIT: nevermind, ended up getting it after really taking into account what a lot of people where saying. Pretty fun challenge.

1 Like

Alright… after much enumeration of all files I still don’t know which one to read… Could be that I’ve read it already but missed something. Any help welcome - feel free to PM!

2 Likes

were you able to figure it out? I found a way to upload but still a VERY restrictive environment

Hey Hi; I am facing issues with getting a reverse connection, Is anyone else facing this issue ?