Official Cap Discussion

Why was root like a thousand times easier for me to find than user? I think my brain was 404 for 2 hours.

@Eklypze said:

Why was root like a thousand times easier for me to find than user? I think my brain was 404 for 2 hours.

Mate it’s not your brain that’s wrong ok :smiley: Best case scenario is that people who looked there first are lucky. Worst case is writeups were sold before release. Need to test if I could make it in 3.5 min if I already know what to do now, like start release arena, connect VPN, ignore all standard scans and enum, go straight to the point of interest, use the thing found with the thing you need to use it with (programs and browsers also have some load time), then enter not on the obvious thing you found but on the next one straight away to save a few more seconds, copy paste that privesc in just under another minute, and let’s not forget to submit both user and root keys to the HTB interface. I think that’s already a close call to make it to these blood numbers.

Why be frustrated? I was long frustrated until I realized… HAHA no f**in way man. If you do thorough enum you did better, not worse. How to know where’s the thing? Could’ve been anywhere, in any user input field, in some header, in some anon login, default creds, feel me? At best it’s luck, maybe a little bit of experience on top, but yeah you can’t be sure so you need to turn every stone, so that takes time ok? lol cheers, chill! :smiley:

@x00future said:

got user pretty easy. root is making me think…

lol, it’s a piece of cake, just do proper enumeration with your scripts, but I think that will take longer than the manual enumeration of the only thing that’s on the server :wink:

rooted! can’t believe it took me another 2 hours to get root. That should have been one of the FIRST things I checked.

Great box. props to @InfoSecJack for the fun afternoon.

Oh man, it took me a while to get root. I was stuck on it for so long, but once I actually figured it out, I’m kicking myself as to how I didn’t think of it sooner.

This was a really cool box, and I learned a lot, especially in regards to the PE. Good stuff @InfoSecJack !

Nice and easy box, but a new priv esc for me which I enjoyed learning about, thanks InfoSecJack!

I enjoyed that box!!! I learnt a new way to privesc so easily!!! Feel free to ask for a nudge…

Hint: think about the name of the box…

@LPHermanos said:

@Eklypze said:

Why was root like a thousand times easier for me to find than user? I think my brain was 404 for 2 hours.

Mate it’s not your brain that’s wrong ok :smiley: Best case scenario is that people who looked there first are lucky. Worst case is writeups were sold before release. Need to test if I could make it in 3.5 min if I already know what to do now, like start release arena, connect VPN, ignore all standard scans and enum, go straight to the point of interest, use the thing found with the thing you need to use it with (programs and browsers also have some load time), then enter not on the obvious thing you found but on the next one straight away to save a few more seconds, copy paste that privesc in just under another minute, and let’s not forget to submit both user and root keys to the HTB interface. I think that’s already a close call to make it to these blood numbers.

Why be frustrated? I was long frustrated until I realized… HAHA no f**in way man. If you do thorough enum you did better, not worse. How to know where’s the thing? Could’ve been anywhere, in any user input field, in some header, in some anon login, default creds, feel me? At best it’s luck, maybe a little bit of experience on top, but yeah you can’t be sure so you need to turn every stone, so that takes time ok? lol cheers, chill! :smiley:

I wasn’t too frustrated. I noticed what I should have tested like an hour before I did. Well actually, I half-assed it and then came back to it.

But, I don’t think I could pop this box manually in 3.5 min right now. I think I’d need at least 5, if I did all the steps.

I’m new to hacking, I thought of trying this box, can’t do… but when you guys said this is the easiest box in HTB… I feel like I’m not fit for hacking… :disappointed:

@koushik777 said:

I’m new to hacking, I thought of trying this box, can’t do… but when you guys said this is the easiest box in HTB… I feel like I’m not fit for hacking… :disappointed:

I’m also feeling like that

@akhilesh11 your rank is pro hacker bro… what’s with you?

@koushik777 said:

I’m new to hacking, I thought of trying this box, can’t do… but when you guys said this is the easiest box in HTB… I feel like I’m not fit for hacking… :disappointed:

Don’t let it bother you or discourage you. I’ve spent days on “easy” boxes and sailed through others in a few hours. It’s very often just relative to your experience/background. It’s fun to get a bit caught up in the first blood/top 25 list, but as others have alluded to already, being the fastest in a CTF won’t necessarily make you the most thorough penetration tester (assuming that’s the ultimate goal)? The ones that take the longest to solve (no matter what level of difficulty they are rated) often teach you the most and stick with you the longest afterwards.

Be the tortoise not the hare :slight_smile:

@CrimsonFlea thank you for this, I will not stop from now on… can you guys help by saying your methods of hacking… I mean my method is… first nmap, nikto, and note all the versions I got and go search for that version’s vulnerabilities.

@koushik777 said:

@CrimsonFlea thank you for this, I will not stop from now on…

Like most things, this is just really about building on experience.

@koushik777 said:

@CrimsonFlea thank you for this, I will not stop from now on… can you guys help by saying your methods of hacking… I mean my method is… first nmap, nikto, and note all the versions I got and go search for that version’s vulnerabilities.

You’re in good company with nmap. I would guess that 90% start there as it can give you a great start with the right switches. For me, just learning to “try all the doors” really helped. In other words, there won’t always be a vulnerable service with a ready-made metasploit module or an exploit hosted on exploit-db.com. Sometimes, it’s all about poorly configured services (e.g. anonymous FTP with write permissions, anonymous access to SMB, default credentials, etc). So, knock on all the doors and look through all the windows (even if it isn’t showing as vulnerable).

Lastly, early on my pride didn’t allow me to watch/read walkthroughs of retired boxes. I decided that was dumb :smile: It’s super helpful to review how others work (IPPSEC comes to mind as one example). This is a learning platform after all. Good luck and have fun.

@koushik777 rank is nothing bro…

Got user, looking for root… does it have anything to do with s*** ve****n??

@CrimsonFlea yeah thank you dude, but I do watch ippsec videos… because I can’t hack easy boxes too… but I don’t follow the steps blindly… I understand every step he does… so it takes like 4-5 hrs for a box for me… even if it’s easy… hope I improve and do a box on my own.

@txer2208 said:

Got user, looking for root… does it have anything to do with s*** ve****n??

Nope, revisit where you got user…

Ok, this took me longer than expected yesterday. Foothold was roundabout 1 hour and then I wasted almost 3 hours as nathan looking for some PE :cold_sweat:
But finally found it, never faced this PE before but learned a lot about it.