Its gotta be the way, its an easy box and the vuln was pretty straightforwrd to find. I dont think theyd make this a rabbit hole
Any hints on how to get user? Trying to fuzz params on Burp but no luck so far
Got the user creds, trying to figure out how the sudo script works, anyone got a hint?
+1
im stucked at the same step
feeling like a blind
iām stucked. iāve got cody creds and login in tea. Hints?
the sameā¦
I believe it is something related to the api, I have been searching someway to exploit, but there are so many methods that it starts to take long
API is really huge, you are right.
have you tried using SSH login with found cred?
Stuck figuring out how to use the script which can be ran as sudo.
Is there something to do with sudo -l any hints?
using cody?
Try another user you found when you dumped the /etc/passwd file
In thesis it has, I found what I believe is a way to login as admin in gitea, but couldnāt use it
Same. Found credentials through Hydra, but theyāre invalid.
finally rooted.
some hints for privEsc:
sudo -l is just the beginning. You have to enumerate more (check other services running). To get access to the service, you might need the docker documentation.
With some magic, you will be able to read the source codes. After that, the relevant vuln to root will reveal.
you may find this useful in PE:
One more HTB āeasyā machine
I canāt deny it was an interesting one, I liked it very much, and for everyone coming, my main advices are āread the docsā and āread the repoā, both vulnerabilities for root and for user doesnāt have any public POC, and so you will need to make the payloads and hack it by yourself, it is a good learning opportunity in any way
And for anyone needing help, you can surely send me a message, R is always here
Just rooted this box. Itās very easy and straightforward. Some hints:
user: play around with the post request
root: check what is running & try to get the source code. After you see what the vulnerability is, exploiting it is a piece of cake.
Root part was very fun, kudos to the author of the box!
PM me if you need any hints