Official BoardLight Discussion

V-h0st enumeration guys, like there’s fuff-ing tomorrow. That’s your initial vector.

I tried, I can't find anything.

Just rooted, nice box!
If anyone is struggling to get root, maybe you can try updating linpeas. Feel free to DM me for hints.

I can’t work fast enough to get the payload in place, the automatic reset is faster than I am.

What specifically did you try? PM me.

I was lucky on that one to use a certain CVE that has a python exploit available. Although the exploit did not work per se, it allowed me to bypass this problem :wink:

1 Like

In my case, gobuster fails every time, I don’t know why; using ffuf instead works perfectly.

1 Like

Rooted.

Here’s a tip for anyone struggling to gain root access: The group membership of a specific user is a red herring. Don’t waste an hour, like I did, sifting through logs.

3 Likes

Just rooted, nice, and very easy box even for me!

The name of the machine always helps.

1 Like

FFUF and gobuster, can’t seem to find this subdomain. Have used numerous wordlists. Think I am going mad.

FFUF can find the subdomain, make sure you are updating your /etc/hosts.
For me: I’m stuck inside an admin portal, don’t know how to get RCE from there.
Any hints or nudges? Thanks

1 Like

m4chx, thanks for the great advice on the /etc/hosts. The thing is that I am not picking up the subdomain.

Bruh, I’m stuck at www-data. I’ve already tried all credential hunting methods, but no hits. :frowning:
PS: I already ran linpeas

2 Likes

I'm still struggling with subdomain enum… I'm using ffuf with the -H flag for vhost… I've been using one of the subdomain lists from seclists but yet no result :(((

I guess I should have known my habit of just creating the hosts entry $challengename.htb without looking at the actual content was going to bite me one day.

4 Likes

pat on back to myself.

For anyone who is struggling with subdomain enum:

  1. As @tylerkay said, revisit your habit of adding the challenge name in your hosts entry.
  2. Double check the website… maybe you can find a hint.
  3. gobuster and ffuf work. It’s not a list issue. It’s probably your config issue.

2 Likes

Pwned:)
feel free to DM me if you are stuck and need to be pointed in the right direction.

I got the password for a user and logged in using ssh, but how did you get the user?

Fun box!!
I was very frustrated and doubted myself, but it’s just: make sure you do well whatever you do :slightly_smiling_face:
Thanks for the helpful hint!!!
If I can say something: just go on with your usual enum and be aware of what you will find when enumerating root (maybe you won’t find it in G**)


FINALLY: