i found the admin account and pass for the service on 8080, now idk what else to go for, btw this machine is being real slow for me, takes too long to respond, is that the case with everyone? and pls let me know what to do now, i have the creds of admin on 8080
I can execute some commands, but haven't been able to get a shell yet
ahh no way! I need to figure it out
if you can execute commands you can probably extract shadowfiles using "cat"
then ssh? from there? maybe?
I have no clue
Yeah, I wasted a lot of time trying to get a rev shell, but you're on the right track
If you have successfully logged in the web app on port 8080, find the system settings and investigate the database
Sometimes, getting reverse shell isn't the easiest way to get a foothold. There may be an exploit or security oversight that is more fruitful. Same with getting root flag sometimes.
Any hints for foothold? I can't get past authentication on the portal after trying all sorts. Might be wasting time on that
Started 6 hours ago after I came back home from the weekend, FUN BOX! I really enjoy it!! I love GO and Rust
the first part was easy, the second part was harder but was fun! a lot of moving pieces that knowing GO helps a LOT specially with last step! Happy Hacking!!! careful on the rabbit paths/holes!
Congrats!!!
Yoooo hold up, wait a minute. My brain is growing. I can feel the closed captions guiding me.
Edit: Just kidding
Rooted! That was not a hard box at all, in fact for me it's exactly medium. But there are some rabbit holes, so it's easy to get lost and waste some time until you realize you're going down the wrong path.
Hints for user:
- It ain't the main you want.
- Fresh install. So fresh, in fact, that a vital step in the security setup was missed.
- A DB is used for accessing data. Not just the data you'd expect.
Hints for root:
- Rootie McRootface, my boy, you're doing some interesting stuff!
- To know what that interesting stuff is, you need to go back to the source.
- Dive in, and you will see the systematic weaknesses that you'll bend to execute your will.
- Sometimes I shop at Value Village, but for now I've got a different thrifting in mind.
If you're still stuck, go ahead and DM me, but make sure you tried everything you could. If you think you're stuck, you may have just hit a rabbit hole.
I can now login at the portal, but still cannot access one of the functionalities.
Can somebody give me nudge?
I would read some notes
Rooted, once you find your way around the rabbit holes, a fairly easy box for normal HTB "hard" standards.
Finally, was able to get a reverse shell
I don't understand why this box is "hard".
the hardest part was that box is toooo slow.
Not so difficult.
Crazy people you are. I started Monday morning 4am around and still struggling with foothold :')
In hindsight wasn't that hard, but man, so many rabbit holes to dig through.
Machine would have been nicer as medium/easy box without the services and telegraphed vulns that lead nowhere
I'm so lost in these rabbit holes. I can't get out xD