Official Bizness Discussion

Please don’t change passes or anything which is not necessary. I got a 403 on the website…

Rooted! :slight_smile: Foothold was nice but didn’t enjoy the privesc

Foothold: Github is your friend
Root: Have you tried looking for databases?

4 Likes

Finally! :stuck_out_tongue_closed_eyes:

3 Likes

When I try to exploit a PoC I get this response * Connection #0 to host bizness.htb left intact and I never get the request to my simple python server (I also try to listen on icmp trace and I never get the ping).

Can someone give me some hints on root?

1 Like

I need that also… there are bunch of rabbit holes :smiley: Took foothold in 15 minutes but its been more than 10 hours for PE

try to filter the content of these files using grep or some other tool

root help??

1 Like

PE :

What is our service and which folder its running?
Maybe there is some files that holding some information that we can use

Too much salt is risky for your health best way to overcome, looking around inside of the source and getting back the real what we need to use with some comparison with that song that queens always listen :wink:

3 Likes

Salt is risky, but it’s definitely important :slight_smile:

Haha for sure ! especially if you cook salt is the crucial :stuck_out_tongue:

Any hint for privilege escalation?

any hint where the db will be I am trying for PE for 4 hrs

For anyone who is struggling with the connection - just add your public key in the authorized_keys file.

1 Like

Prepare to be swarmed

1 Like

I’m looking for a small nudge/sanity check: Is finding a hash the goal?

I am trying to connect to the db using psql but I get this error:psql: error: received invalid response to SSL negotiation: H. Help please

yes finding a hash is the goal, and no you dont have to connect to the db, just leaked file credentials

2 Likes

Bold of you to assume I haven’t been. :joy:

Finally Got Root