Official Bizness Discussion

Just started this box, I’ve got an idea how to continue but…

Is this “internal server error” message OK or needs the machine to be reset?


Answered myself. After a little nap everything works better ^. Got user a second ago. Working on root tomorrow :slight_smile:

To all the peole that struggled with the Foothold, there is a modified tool of the Y***** serializer that can give you RCE with more complex command, just ask Google! :smiley:

Stuck on root. I found the DB and the weird hash. I also found the fonction that hashes the original plain-text password but are we really supposed to reverse a hashing function on a “Easy” box?

1 Like

you need to submit both user and the root flag within the same session

"Get +5 points on every first blood " What’s up with this blood thing?

Nah you don’t. You can submit the user flag, shut down the machine, and do the root flag later. You just need to gain access to the machine all over again. @longlivedavemustaine just did not get the correct user flag, apparently. It’s possible the machine was updated and you need to restart, or maybe someone hijacked the flag values, I’m not sure to what extent they protect it. No matter what restarting should help. (And btw @longlivedavemustaine I’d like to see you code a better website, theirs is pretty good. PM me once you’re done so I can take a look)

To your second questieon @thehermit254, first blood means the very first person to get the user flag, and there is another bonus for the first person to get the root flag. On easy machines this is usually in the first few minutes so you need to be there when it opens.

Ok, so I’m hoping someone can help me out here. I have found the DB and a hash that matches a hashing/encoding function found on this box. But the hash doesn’t appear to be anywhere near long enough based on the algorithm I believe is being used. Am I down a rabbit hole here, or have I missed something? I’m happy to DM someone who knows if you want more specifics on what I found.

I won’t believe that in easy box will need to write hash decryptor… User flag very easy but need to try more options than one.

1 Like

Finally rooted.

Feel free to reach out, but please bear with my slowness, because that would be the first time I ever help somebody with hacking stuff.

for some reason i cant seem to get the reverse shell to catch, I have gone over everything and even now posted to reddit for help and tips and everything ive been suggested has not changed a thing. i sit with the listener, im using the correct syntax for the POC exploit, every time i run the POC i get “payload successfully sent” no matter what command i use for the POC it says it sent successfully, yet the listener doesnt ever catch it and any other command i run had no other output. none. im gonna contact support about this because there has to be something wrong. this same thing happened to me when i tried Sau too.

I can’t believe I did it!!! My first week of hacking, man what a ride, I learnt so much about Linux, Java, networks!!!

1 Like

I cannot achieve the execution of the exploit.
None of the exploits from “github” work.
I do as it says in the help.
I read the code myself (but I’m not good at python).
Tell me, please, does the exploit code itself need to be changed? Or leave it as it is?
The simplest commands don’t work.

It doesn’t matter, I revised my approach and decided to gain a foothold through Burp using methods in exploit scripts.
To my surprise, it worked! :sunglasses:

1 Like

Not really an enjoyable experience this machine, especially the root part. Convoluted path.

I can assist if someone needs help. Drop me a DM on Discord

That was painful. One day spent on a false lead.
Some funny thing you can do, but it’s ultimately pointless:

If you send a contact form (not subscription in the footer) in a specific way, index page will include itself in error message. I thought maybe that’s an LFI opportunity. Looked too good to ignore, but nope.

I’ve managed to get user, the problem is every time i connect using the reverse shell after 10-20 seconds i lose connection to the box. Anyone else having this issue?

Connection to HTB stays intact its just the box…

are you telling it to connect to the correct IP?

This was actually an awesome box in my opinion. Really easy user, root needs more digging but you’ll get there :wink:

User: a recent vulnerability was found in certain versions of something. Google is your friend.

Root: Dig in certain folders and you’ll know when you find something. Grep is very much your friend. Also the length of certain things isn’t what they’re supposed to be. Take that as you will :wink:

1 Like

Im looking as much as i can, i cant find anything what do i do?

I know what I need to do but hashcat doesn’t recognise what it needs to recognise. aaargh

Hi there! I had the exact same problem, tried a bazillion different shells but the problem was the VPN. I re-generated a new HTB lab openvpn file and reconnected with that one and shell is stable

1 Like