Also massive respect to InfoSecJack for a fun box. I’ve been out of the game for a while studying for certs and working hard. This was just the warmup that I needed.
Respect.
SSH is not working for me. ???
Haven’t done a Linux box in a while. Super fun. For user, you can get what you need by using the name of the box to point you in the right direction; then it’s just a test of your curiosity. As some others have mentioned this is a great attribute to have! Look for a pattern and try a few things.
Path to root was fairly straightforward. PM me for a nudge. One thing I’m not sure of though is why we were able to escalate this way. By default this shouldn’t be allowed. Been poking around but haven’t found anything yet. Anyone got any ideas? PM me if so.
Cheers
It’s been a while since I’ve done any boxes, but this was a great way to get back into it. Definitely a nice starter box!
User: The name of the box is a great hint. Focus there.
Root: Look at what you already know. Some developers are lazy. I won’t comment any more on it.
Feel free to DM me if you run into any issues. I’m happy to help with hints!
I want a little hint about the “user flag”,
ftp anonymous login gives me “530 login failed”, vsFTPD 3.0.3 doesn’t have a common vulnerability,
dirb gives me nothing,
I saw that there’s a pcap file but I can’t get it, plz any hint :')
I got the pcap file but I don’t see anything interesting in it, any hints?
@CyberRobotX said:
I got the pcap file but I don’t see anything interesting in it, any hints?
Make sure you don’t have any filters enabled, I had and I couldn’t see what I was looking for. If no filters are on and you still can’t see the juicy stuff then… well, look closer because it’s literally just there !
Rooted <3
Rooted! Very easy one!
I literally cannot figure this box out - is anyone available to DM for hints?
Cap is a really nice box. Quite simple and straightforward box and it can teach some very interesting things.
User: look around a little bit, you’re not going to need to be scanning anything at this point. Just look around and see if you can find some interesting thing that you need a fish to open. After that, remember: similarly to Python, sometimes 1 is not the first number you gotta think of.
Root: also pretty straightforward. The name of the box says it all. A bit of googling (name of the box + OS + what you want to do, that is, escalate privileges) gets you there pretty quickly. You can also try understanding how the web app works and you’re basically gonna have to do something similar.
If after all that you still need some hints, feel free to send me a DM. Have fun.
I found user but now I have a problem: I got kicked out and that particular service will no longer accept the username and password.
Root got me frazzled. Then you can imagine how irritated I was when I figured out I was in my own box (thanks TMUX).
@InsomniaNoir said:
I found user but now I have a problem: I got kicked out and that particular service will no longer accept the username and password.
Root got me frazzled. Then you can imagine how irritated I was when I figured out I was in my own box (thanks TMUX).
With a lot of looking around, feeling a little stupid, and hitting a dead end I finally hit root on this box.
I hate nathan
I have enumerated the system but got stuck on the foothold dealing with /d**a/#. Could someone message me so I can tell them exactly where I am at and hopefully work out my thought process?
Update: Figured out the foothold finally… took me a minute to figure out but think of how indexing works in programs… Apologies if that might be a spoiler
Rooted !! Nothing to add hints wise, it’s already all been said. Well done to @szymex73 for the fast bloods !!!
Fun box…not crazy difficult, you just have to pay attention to the information available to you. A few good hints in the first couple of pages of this thread that should nudge you to the finish line.
■■■! I did it! Great box. Was my first active one! I’m so happy.
Does anyone else also have a problem with the user flag not being accepted?
Rooted! One of the easier ones I’ve rooted, but definitely had different vectors than usual. Most of the comments already cover both vectors pretty well. I’ll try to give my two cents… Delete if too detailed.
User: HTB machine names usually have some correlation to their vulnerabilities. It helps to have experience in networking here. What tool could you use to identify a ■■■■ of a lot about a network at a very granular level?
Root: I’ve never seen this method before. You probably won’t think to look for it off the top of your head. However, common privesc scripts should identify the way forward. Just do some Googling when you get the results.
Hope this helps! Best of luck. Feel free to DM me if you need any hints.