I’m looking for places where I can get a reverse shell on that port. but I don’t know if I’m going in the right direction.
yeah i was looking too. Now looking to see if you can somehow execute commands through the git repos
i found the admin account and pass for the service on 8080, now idk what else to go for, btw this machine is being real slow for me, takes to long to respond, is that the case with everyone? and pls let me know what to do now, i have the creds of admin on 8080
I can execute some commands, but haven’t been able to get a shell yet
ahh no way! I need to figure it out
if you can execute commands you can probably extract shadowfiles using ‘cat’
then ssh? from there? maybe?
I have no clue
Yeah, I wasted a lot of time trying to get a rev shell, but you’re on the right track
If you have successfully logged in the web app on port 8080, find the system settings and investigate the database
Sometimes, getting reverse shell isn’t the easiest way to get a foothold. There may be an exploit or security oversight that is more fruitful. Same with getting root flag sometimes.
Any hints for foothold? I can’t get past authenication on the portal after trying all sorts. Might be wasting time on that
Started 6 hours a go after I came home back from the weekend, FUN BOX! I really enjoy it!! I love GO and Rust the first part was easy, the second part was harder but was fun! a lot of moving pieces that knowing GO helps a LOT specially with last step! Happy Hacking!!! careful on the rabbit paths/holes!
Congrats!!!
Yoooo hold up, wait a minute. My brain is growing. I can feel the closed captions guiding me.
Edit: Just kidding
Rooted! That was not a hard box at all, in fact for me it’s exactly medium. But there are some rabbit holes, so it’s easy to get lost and waste some time until you realize you’re going down the wrong path.
Hints for user:
-
It ain’t the main you want.
-
Fresh install. So fresh, in fact, that a vital step in the security setup was missed.
-
A DB is used for accessing data. Not just the data you’d expect.
Hints for root:
-
Rootie McRootface, my boy, you’re doing some interesting stuff!
-
To know what that interesting stuff is, you need to go back to the source.
-
Dive in, and you will see the systematic weaknesses that you’ll bend to execute your will.
-
Sometimes I shop at Value Village, but for now I’ve got a different thrifting in mind.
If you’re still stuck, go ahead and DM me, but make sure you tried everything you could. If you think you’re stuck, you may have just hit a rabbit hole.
I can now login at the portal, but still cannot access one of the functionalities.
Can somebody give me nudge?
I would read some notes
Rooted, once you find your way around the rabbit holes, a fairly easy box for normal HTB “hard” standards.
Finally, was able to get a reverse shell
I dont understend why this box is “hard”.
the hardest part was that box is toooo slow.
Not so difficult.
Crazy people you are. I started Monday morning 4am around and still struggling with foothold :')