Official BoardLight Discussion

How can I download a file from target to my local machine

Type this in target machine python3 -m http.server 8080 ,then on your machine type wget http://ip:8080/filename be sure that your are in the same directory your file is at and start the server in this directory

1 Like

Thanks.

i found ssh_host_rsa_key.pub

how can I use it to connect to ssh

You should study this free module it will help a lot! Login To HTB Academy & Continue Learning | HTB Academy

You need the private key to connect to the server I believe. That’s the public key. The server SHOULDN’T have the private key.

YESSSSS I DID IT

I am stuck at privilege escalation. Tried the programmer oopsies suggested by that enumeration tool (LPs) but they all look to be patched, unless I am missing something (I wouldn’t be surprised). Any hints?

1 Like

if you google illuminati on google you could find their wiki page and eventually you would probably understand the name of the machine and the vulnerable binary… if you combine the binary name with the word exploit and google it you will find a broken public exploit… just fix the exploit and you are root…

2 Likes

FUCKING DID IT LADS

tip: the process for privesc is a bit dark, you should shine some light on it :wink:

1 Like

congrats!

Not sure what I’m missing with the vhost enumeration…think I got the right domain, but nether gobuster nor ffuf return something valueable

Check twice if you are using gobuster correctly. There is a very important flag that, if not used, cause gobuster to find useless vhosts that will return 400.

Stuck on switching users, every time i try to login in for the user flag i put the password in it just gets stuck/freezes.

You should be able to find it by filtering the size with ffuf’s -fs option.

Hi lads,

got foothold as www-data. not sure how to move laterally to the user. can someone assist?

thanks to @0zcool managed to root this box :slight_smile:

thank you guys this was a great experience and my first box without following the walkthrough.

2 Likes

I’ve got this far aswell. The default creds found in the .conf file dont work, any ideas on how to connect to the mysql service?

One hint guys, Just save the IP address as board.htb, rest is smooth

Well I did it. And I got stuck because I forgot to try all users, with all password combos…

After long fight… I also got it :wink: