Why was root like a thousand times easier for me to find than user? I think my brain was 404 for 2 hours.
Mate, it’s not your brain that’s wrong, ok. Best case scenario is that people who looked there first are lucky. Worst case is writeups were sold before release. Need to test if I could make it in 3.5 min if I already know what to do now: start release arena, connect VPN, ignore all standard scans and enum, go straight to the point of interest, use the thing found with the thing you need to use it with (programs and browsers also have some load time), then enter not on the obvious thing you found but on the next one straight away to save a few more seconds, copy-paste that privesc in just under another minute, and let’s not forget to submit both user and root keys to the HTB interface. I think that’s already a close call to make it to these blood numbers.
Why be frustrated? I was long frustrated until I realized… HAHA no f**in way man. If you do thorough enum you did better, not worse. How to know where the thing is? Could’ve been anywhere: in any user input field, in some header, in some anon login, default creds, feel me? At best it’s luck, maybe a little bit of experience on top, but yeah, you can’t be sure, so you need to turn every stone, and that takes time, ok? lol cheers, chill!
lol, it’s a piece of cake, just do proper enumeration with your scripts, but I think that will take longer than the manual enumeration of the only thing that’s on the server
Oh man, it took me a while to get root. I was stuck on it for so long, but once I actually figured it out, I’m kicking myself as to how I didn’t think of it sooner.
This was a really cool box, and I learned a lot, especially in regards to the PE. Good stuff @InfoSecJack !
I wasn’t too frustrated. I noticed what I should have tested like an hour before I did. Well actually, I half-assed it and then came back to it.
But I don’t think I could pop this box manually in 3.5 min right now. I think I’d need at least 5, if I did all the steps.
I’m new to hacking, I thought of trying this box, can’t do it… but when you guys said this is the easiest box in HTB… I feel like I’m not fit for hacking…
Don’t let it bother you or discourage you. I’ve spent days on “easy” boxes and sailed through others in a few hours. It’s very often just relative to your experience/background. It’s fun to get a bit caught up in the first blood/top 25 list, but as others have alluded to already, being the fastest in a CTF won’t necessarily make you the most thorough penetration tester (assuming that’s the ultimate goal)? The ones that take the longest to solve (no matter what level of difficulty they are rated) often teach you the most and stick with you the longest afterwards.
@CrimsonFlea thank you for this, I will not stop from now on… Can you guys help by saying your methods of hacking… I mean my method is… first nmap, nikto, then note all the versions I got and go search for vulnerabilities in those versions.
You’re in good company with nmap. I would guess that 90% start there as it can give you a great start with the right switches. For me, just learning to “try all the doors” really helped. In other words, there won’t always be a vulnerable service with a ready made metasploit module or an exploit hosted on exploit-db.com. Sometimes, it’s all about poorly configured services (e.g. anonymous FTP with write permissions, anonymous access to SMB, default credentials, etc). So, knock on all the doors and look through all the windows (even if it isn’t showing as vulnerable).
Lastly, early on my pride didn’t allow me to watch/read walkthroughs of retired boxes. I decided that was dumb. It’s super helpful to review how others work (IPPSEC comes to mind as one example). This is a learning platform after all. Good luck and have fun.
@CrimsonFlea yeah, thank you dude, but I do watch ippsec videos… because I can’t hack easy boxes either… but I don’t follow the steps blindly… I understand every step he does… so it takes like 4-5 hrs for a box for me… even if it’s easy… hope I improve and do a box on my own.
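The post above names anonymous FTP with write permissions as one of the doors worth knocking on. The script below is an added example (not code from this thread or from anyone in it) that performs that check with nothing but the Python standard library: it tries an anonymous login, lists the directory, and tests whether the anonymous user can upload, deleting its marker file afterwards so nothing is left on the target. The host and port in the usage line, and the FakeFTP class standing in for a misconfigured server, are constructed for illustration only.

```python
"""Knock on the anonymous-FTP door: login, listing and a write probe."""
import ftplib
import io
import sys


def check_anonymous_ftp(host, port=21, timeout=5, ftp_cls=ftplib.FTP):
    """Return a dict describing anonymous access to the FTP service.

    ftp_cls is injectable so the logic can be exercised without a live
    server; the default is the standard-library client.
    """
    result = {"reachable": False, "anon_login": False,
              "writable": False, "listing": []}
    ftp = ftp_cls()
    try:
        ftp.connect(host, port, timeout=timeout)
    except ftplib.all_errors:          # includes OSError and EOFError
        return result
    result["reachable"] = True
    try:
        # The classic anonymous pair: user "anonymous", e-mail as password.
        ftp.login("anonymous", "anonymous@example.com")
    except ftplib.all_errors:
        ftp.close()
        return result
    result["anon_login"] = True
    try:
        result["listing"] = ftp.nlst()
    except ftplib.all_errors:
        pass                           # some servers refuse NLST on "/"
    # Writability probe: upload a tiny marker, then remove it again.
    probe = ".anon_write_probe"
    try:
        ftp.storbinary(f"STOR {probe}", io.BytesIO(b"probe\n"))
        result["writable"] = True
        try:
            ftp.delete(probe)
        except ftplib.all_errors:
            pass                       # write-only drop folders exist
    except ftplib.all_errors:
        pass
    try:
        ftp.quit()
    except ftplib.all_errors:
        ftp.close()
    return result


class FakeFTP:
    """Constructed stand-in for a misconfigured server (anonymous + write).

    Mirrors the subset of ftplib.FTP that check_anonymous_ftp uses.
    """
    files = ["pub", "readme.txt"]
    write_ok = True

    def __init__(self):
        self.files = list(self.files)

    def connect(self, host, port, timeout=None):
        return "220 ready"

    def login(self, user, passwd):
        if user != "anonymous":
            raise ftplib.error_perm("530 Login incorrect")
        return "230 Logged in"

    def nlst(self):
        return list(self.files)

    def storbinary(self, cmd, fp):
        if not self.write_ok:
            raise ftplib.error_perm("550 Permission denied")
        self.files.append(cmd.split()[1])
        return "226 Transfer complete"

    def delete(self, name):
        self.files.remove(name)
        return "250 Deleted"

    def quit(self):
        return "221 Bye"

    def close(self):
        pass


class FakeReadOnlyFTP(FakeFTP):
    """Same server, but anonymous users may only read."""
    write_ok = False


if __name__ == "__main__":
    # Against a real target: python3 ftp_door.py 10.10.10.10 [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 21
    print(check_anonymous_ftp(target, port))
```

A server that answers "reachable" and "anon_login" but not "writable" is still worth a careful look through the listing; one that answers "writable" usually turns into a foothold the moment something on the box reads or executes files from that directory.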
Ok, this took me longer than expected yesterday. Foothold was roundabout 1 hour, and then I wasted almost 3 hours as nathan looking for some PE.
But finally found it; never faced this PE before, but learned a lot about it.