V-h0st enumeration guys, like there’s fuff-ing tomorrow. That’s your initial vector.
i tried i cant find anything
Just rooted, nice box!
If anyone is struggling to get root, maybe you can try updating linpeas. Feel free to DM me for hints.
I can’t work fast enough to get the payload in place, the automatic reset is faster than I am.
What specifically did you try? PM me.
I was lucky on that one to use a certain CVE that has a python exploit available. Although the exploit did not work per se, it allowed me to bypass this problem
In my case, gobuster fails everytime I don’t know why, instead using ffuf works perfect.
Rooted.
Here’s a tip for anyone struggling to gain root access: The group membership of a specific user is a red herring. Don’t waste an hour, like I did, sifting through logs.
Just rooted, nice, and very easy box even for me!
The name of the machine always helps.
FFUF and gobuster, can’t seem to find this subdomain. Have used numerous wordlist. Think I am going mad
FFUF can find subdomain, make sure you are updating your /etc/hosts.
For me: I’m stuck inside a admin portal, don’t know how to get RCE from there?
Any hints or nudges? Thanks
m4chx thanks for the great addvise on the /etc/hosts. The thing is that i am not picking up the subdomain
Bruh, I’m stuck at www-data. I’ve already tried all credential hunting methods, but no hits.
PS: I already run linpeas
Im still struggling with subdomain enum… Im using ffuf with -H flag for vhost…Ive been using one of the subdomain lists from seclist@ but yet no result :(((
I guess I should have known my habit of just creating the hosts entry $challengename.htb without looking at the actual content was going to bite me one day.
pat on back to myself.
If anyone who is struggling with subdomain enum
- As @tylerkay said, revisit your habit of adding challenge name in your hosts entry.
- Double check the website…maybe you can find a hint
- gobuster, ffuf works. It’s not the list issue. It’s probably your config issue.
Pwned:)
feel free to DM me if you are stuck and need to be pointed in the right direction.
I got the password for a user and logged in using ssh, but how you got the user ?
Fun box !!
I was very frustrated doubted myself but it’s just : make sure you do well whatever you do
Thanks for helping hint!!!
If i can say somthing: just go on with your usual enum and be aware of what you will find with when enumerating root (maybe you won’t find it in G**)
Continuing the discussion from Official BoardLight Discussion:
FINALLY: