Hi, I just found an open writeup for Bucket without password, where can I report it?
Finally, after about 2 days.
- Got stuck with foothold. There are some great hints here that helped me, in particular, the importance of RTFM, which can help you flag a way in.
- User was pretty straightforward. Nothing to add here that wasn’t mentioned.
- Root… This was tricky. Other than what was already mentioned, I must warn you to use other search engines. I had a good idea of what to use, but I use DuckDuckGo. It’s usually pretty reliable, but it didn’t bring any interesting results. So, I had dismissed my idea for a while. Then, I decided to try Google and a good answer appeared, then it was just a matter of finding the keys to the kingdom.
Nevertheless, I am not sure if I got the best way in. I assumed quite a bit of misconfiguration for a standard service and it paid out. Others mentioned it was close to a real life exercise, and I don’t want to believe people still do that.
(I hope there’s not much spoiling here).
I have a script for root which seems like it should work but I keep getting a 404 - would appreciate if anyone could DM to find out what’s going wrong.
Far out, this one’s been a challenge haha. Just got user.
For foothold: Once you’ve found the interesting stuff it’s truly just a matter of finding the right commands to get what you want up there in a place you can execute it (from a__ c__, NOT D____o S___l) and just spamming.
For User: If you’re at this point you’ve played around with the D____o S___l enough to have found something interesting, see who’s around and see which one opens the gate.
I’ve never had any experience with s3 so spent a lot of time chasing my tail trying to g_n cr_ds when I didn’t need to, just needed the right sequence of commands. Onto root…
Finally rooted: This was a hard box. Hint: 8000 is the local one you want
The user flag is easy, as long as you can find a way to upload a file to the website, you can get the user flag. But the root flag is harder, I spent some time finding the hint. The system reset is also very annoying, it took me a while to realize it is not my script that has a problem, but just some system reset going on. But this is the first time I used axx api.
That was a weird box, enjoyable because I had no experience with this service before, but I can’t get over why my files were sometimes there right after upload and sometimes weren’t. I feel like the timing was so tight that at first I thought it was a rabbit hole. And after a while it just worked. But overall it was a nice break from GitLab boxes. Would hack again!
Rooted.
Fun box even though I faced a bit of problems with the user (which IMO was harder than root, but maybe I was just lucky).
Tips:
- Foothold: Enumerate and read the docs.
- User: Did you find anything interesting during enumeration, something you didn’t know what to do with thus far?
- Root: Good google search and basic code knowledge will help you a lot here, alternatively - RTFM.
Overall - RTFM basically
I am really confused about this one. I get server not found if I go to bucket.htb. Ran nmap so I’m pretty sure I am in the right spot. Is there an issue with the box or is the server not found part of the game this time around? I can get to other machines so I know it’s not a VPN issue. I also clicked the reset button on the box just in case.
@MaximumBob said:
> I am really confused about this one. I get server not found if I go to bucket.htb.

Have you set it up in your hosts file?

> Ran nmap so I’m pretty sure I am in the right spot.

Are you running nmap against the IP or domain name?
@TazWake wow I just found a typo in my hosts file. I double checked when you asked. thx for the help. 2 weeks off and I haven’t had enough coffee yet to catch those mistakes.
@MaximumBob said:
> @TazWake wow I just found a typo in my hosts file. I double checked when you asked. thx for the help. 2 weeks off and I haven’t had enough coffee yet to catch those mistakes.

No worries - glad it is resolved now.
Spoiler Removed
@pagal said:
> Can someone please help me, getting error **Could not connect to the endpoint URL:** while trying to get root flag?

I don’t think you need that for the root flag.
Rooted nice Box
root@bucket:~# id
uid=0(root) gid=0(root) groups=0(root)
PM me if anyone needs help
Can anyone give me a nudge here? I have the ability to upload, not execute. I get that I have to place a payload somewhere else, but can’t figure out where else I have permissions/access to do this. I see people talk about “linking” the two sites up, but don’t really understand how to do that with the CLI.
Edit: nvm - got user, was on it the entire time
@l0w said:
> Rooted.
> Fun box even though I faced a bit of problems with the user (which IMO was harder than root, but maybe I was just lucky).
> Tips:
> - Foothold: Enumerate and read the docs.
> - User: Did you find anything interesting during enumeration, something you didn’t know what to do with thus far?
> - Root: Good google search and basic code knowledge will help you a lot here, alternatively - RTFM.
>
> Overall - RTFM basically

Is the PHP file a rabbit hole here? Seems that the tables are not appropriately set up for this script to work, also wondering why the local 8*** is even there if there isn’t anything here.
Hey Guys,
I have found the 2 URLs but am still unsure how to get a foothold. Any advice? Please and Thank You
Hey Guys, I have a foothold but still can’t read the user flag. Does anyone have any advice for a nudge?
@Raskul82 said:
> Hey Guys, I have a foothold but still can’t read the user flag. Does anyone have any advice for a nudge?

If you have a foothold you already have the capability and access needed to get the user flag. What enum have you done? Have you played around with the CLI tools? Did you do the typical dir discovery on the websites?
Rooted - thanks @TazWake for that final nudge
- foothold - learn the CLI, fairly simple actually once you find the correct CLI methods
- user - your previous enum (done on every initial HTB engagement) will find the hints and things you need for this
- root - funny script will lead you down a few rabbit holes. If you encounter any new tools, research them thoroughly and you’ll find what you need… once you find it, you’ll solve this VERY quickly, so don’t spend too much time down each rabbit hole