Official Backdoor Discussion

system · November 20, 2021, 3:00pm

Official discussion thread for Backdoor. Please do not post any spoilers or big hints.

Chaplin · November 20, 2021, 9:21pm

Can someone give a small hint? I feel like I enumerated the full Website and haven’t found anything useful.

voidhofer · November 20, 2021, 10:42pm

Maybe try to look up some ebooks on the topic.

Nixsploit · November 21, 2021, 12:15am

Box felt CTF like, but I like how it forces you to really think about what you can gain with the tools given. I ran into the intended path as a last resort since I ran out of ideas of what to check. Lesson learned

Tips
User
Learning to read is important, but more so is understanding what to read. Especially, when you want to know information about procs running.
Root
Basic enumeration will catch this, maybe research some “how to” guides when you see that interesting job.

Gvinfinity · November 21, 2021, 2:25am

Hey, can anyone give a little hint on the foothold? Fell free to dm me if you prefer to talk there.

hotbitiotrader · November 21, 2021, 3:24am

make sure to manually enum plugins

voidhofer · November 21, 2021, 11:41am

Finally got root. It was a fun box. If need a hint, send me PM.

Tips:

Initial vulnerability:

This was the tricky part for me. I had to download some reading material on the topic to understand how everything works.

Foothold:

This part involves some guessing. If you are familiar with linux and you got some basic scripting skills you should be fine. After I found what I was looking for, all it took was a google search and I was in.

Privesc:

Pretty much straight forward. Check what you got access to.

zombie · November 21, 2021, 2:05pm

Anyone getting errors in executing the obvious thing during the initial foothold?

CryptoCat · November 21, 2021, 4:39pm

I spent a long time trying the intended exploit without success until I saw people mention in HackTheBox discord that you should use release arena. I had been trying to launch release arena all day but got “no machines available” error. When it finally allowed me to boot a machine, my exploit worked fine! Note that I had tried resetting the public (non-RA) box and it didn’t help… Just in case other people are having similar issues, try switching to release arena xD

mojorising · November 21, 2021, 4:59pm

Hey Guys

I’ve found the ebxxk LFx vuln + dx credentials to wxxdprxxs but can’t see the path forward.
There are tons of potential files to enumerate and so far could’nt find any other interesting plugins/vulns.
Will appreciate any nudge’s
10x

crod2 · November 21, 2021, 9:14pm

Bet you did some network enumeration at start, dont forget about it and try to use vuln that you found to get more info. 0x0ff3ns1v3 tip about on what you need to pay attention is really helpful

cmoon · November 22, 2021, 3:31pm

Rooted after getting a nudge.

For foothold: Once you’ve found the obvious vuln don’t neglect to follow guides on finding info about running services and don’t forget to manually review output. I missed this for a while

PM for help but let me know what you’ve already tried

nonattribution · November 23, 2021, 6:12am

definitely read all of the above posts for foothold and for user.
foothold to user - script or fuzz, be curious and experiment if it helps.
Root - i had to get a nudge for root. and then i STILL had to read the man page/docs backwards and forwards.
but the clues are visible for sure.

pdefermat · November 23, 2021, 10:04am

This was definitely an interesting box.

I you go through all of the previous message in here you will find what you need.

foothold: just be “aggressive” while looking around
user: what’s happening on the system?
root: pretty easy, you should have already noticed that from the previous steps. Look at the arguments.

Interesting I was not able to find what I needed with nmap but found it with masscan.

Thank you, @hkabubaker17 for this!

darkenum · November 23, 2021, 12:12pm

Hi there,

Found the path to expose file contents, retrieve DB name/user/pwd, found a user but can’t use any information to do anything with, stuck here…
Anybody would give help (PM ?)

dr0pk1ck · November 23, 2021, 6:30pm

I’m right there with you @darkenum, usually at this point I have a clear direction but this time I’m just spinning my wheels.

EDIT: nevermind, ended up getting it after really taking into account what a lot of people where saying. Pretty fun challenge.

jeter · November 23, 2021, 9:50pm

Alright… after much enumeration of all files I still don’t know which one to read… Could be that I’ve read it already but missed something. Any help welcome - feel free to PM!

ghostng · November 23, 2021, 10:27pm

were you able to figure it out? I found a way to upload but still a VERY restrictive environment

zordious · November 23, 2021, 10:57pm

Hey Hi; I am facing issues with getting a reverse connection, Is anyone else facing this issue ?

darkenum · November 24, 2021, 4:02pm

I experienced same kind of pb… you have to tried many times the command and then it will pop in your listening console…maybe a conexion issue, don’t know …

Topic		Replies	Views
Official Moderators Discussion Machines	12	2470	October 17, 2022
Official Shibboleth Discussion Machines	26	3617	March 29, 2022
Official OpenSource Discussion Machines	219	20684	March 30, 2024
Official Shared Discussion Machines	34	5427	October 22, 2022
Official Resource Discussion Machines	155	4438	November 12, 2024

Official Backdoor Discussion

Related topics