Official Busqueda Discussion

ImNotRoot · April 8, 2023, 10:37pm

Its gotta be the way, its an easy box and the vuln was pretty straightforwrd to find. I dont think theyd make this a rabbit hole

snunk1 · April 8, 2023, 11:24pm

Any hints on how to get user? Trying to fuzz params on Burp but no luck so far

Konnex · April 8, 2023, 11:26pm

Got the user creds, trying to figure out how the sudo script works, anyone got a hint?

UndercoverDog · April 8, 2023, 11:28pm

+1

lolek · April 8, 2023, 11:31pm

im stucked at the same step
feeling like a blind

Zer0Pwned · April 8, 2023, 11:38pm

i’m stucked. i’ve got cody creds and login in tea. Hints?

lolek · April 8, 2023, 11:38pm

the same…

Paradise_R · April 8, 2023, 11:40pm

I believe it is something related to the api, I have been searching someway to exploit, but there are so many methods that it starts to take long

lolek · April 8, 2023, 11:40pm

API is really huge, you are right.

wallehazz · April 8, 2023, 11:43pm

have you tried using SSH login with found cred?

supermeisty · April 8, 2023, 11:45pm

Stuck figuring out how to use the script which can be ran as sudo.

ayhanbasyildiz · April 8, 2023, 11:46pm

Is there something to do with sudo -l any hints?

Zer0Pwned · April 8, 2023, 11:48pm

using cody?

wallehazz · April 8, 2023, 11:50pm

Try another user you found when you dumped the /etc/passwd file

Paradise_R · April 9, 2023, 12:50am

In thesis it has, I found what I believe is a way to login as admin in gitea, but couldn’t use it

Konnex · April 9, 2023, 12:54am

Same. Found credentials through Hydra, but they’re invalid.

use0x1337 · April 9, 2023, 12:57am

finally rooted.

some hints for privEsc:

sudo -l is just the beginning. You have to enumerate more (check other services running). To get access to the service, you might need the docker documentation.
With some magic, you will be able to read the source codes. After that, the relevant vuln to root will reveal.

wallehazz · April 9, 2023, 1:11am

you may find this useful in PE:

Paradise_R · April 9, 2023, 2:46am

One more HTB “easy” machine

I can’t deny it was an interesting one, I liked it very much, and for everyone coming, my main advices are “read the docs” and “read the repo”, both vulnerabilities for root and for user doesn’t have any public POC, and so you will need to make the payloads and hack it by yourself, it is a good learning opportunity in any way

And for anyone needing help, you can surely send me a message, R is always here

lim8en1 · April 9, 2023, 2:52am

Just rooted this box. It’s very easy and straightforward. Some hints:
user: play around with the post request
root: check what is running & try to get the source code. After you see what the vulnerability is, exploiting it is a piece of cake.
Root part was very fun, kudos to the author of the box!
PM me if you need any hints