Official Compromised Discussion

Official discussion thread for Compromised. Please do not post any spoilers or big hints.

No ports are open. Is it a tech issue?

yes, but if you respawn an instance it should be good to go.
about…
now.
:hushed:

I have some ideas but none of them are working so far, gonna try harder.
Just putting it here in case someone wants to exchange ideas.

no clue if it’s intended or not… in (what I thought is the correct path) you can render the webapp completely useless by providing a vq*** file, and I can’t reset it anymore :expressionless: rip

Very confused, seems like this could be really straightforward, but it isn’t quite working yet hm.

I got webshell but I can’t get reverse shell :(, any hint?

Rooted, interesting path for root.

wow nice box, going down a certain CVE path that has to do with vq**** stuff - not sure it’s right path - both first bloods by one of the best in htb - wasn’t really expecting to emulate that, especially after starting over 1.5 hours late…but, very engaging so far… :wink:

^ I’m battling with the exploit myself, everything seems to be right for me but then it just doesn’t work.

I’m at a bit of a loss, I found the exploit, but no matter what my shell will not work. Any tips?

found a CVE, but fail to add, is it wrong way?

Still stuck on the foothold. Found a CVE but it needs creds I can’t find to save my life. Any nudges?

@CyberVaca said:

I got webshell but I can’t get reverse shell :(, any hint?

This box does not allow network connection…
ssh is here the “key” "gen"erally :wink:

thank you @D4nch3n - nice box!

@Raekh said:

Still stuck on the foothold. Found a CVE but it needs creds I can’t find to save my life. Any nudges?

me, too

Spoiler Removed

@FTNTT said:

@Raekh said:
Still stuck on the foothold. Found a CVE but it needs creds I can’t find to save my life. Any nudges?

me, too

Enum, enum is all I can say.

@Caracal For low level people “enum enum enum” doesn’t help. If it’s something we missed, okay. But I’ve been sitting in the l*g folder for a while, and I simply don’t have knowledge to distinguish what I can use or not. I’ve tried getting the authors to hydra, hijacking the cookies, but nothing.

@Raekh said:

@Caracal For low level people “enum enum enum” doesn’t help. If it’s something we missed, okay. But I’ve been sitting in the l*g folder for a while, and I simply don’t have knowledge to distinguish what I can use or not. I’ve tried getting the authors to hydra, hijacking the cookies, but nothing.

yeah true. so, you’re on the right path.
check again what you got, maybe something that does not get rendered in source code files :slight_smile:

@Raekh I am in your situation :wink: bashing my head against what I have