Official Corporate Discussion

HTB Content Machines
1

Official discussion thread for Corporate. Please do not post any spoilers or big hints.

2

:beers:

1 Like
3

Apparantly no one has been able to gain user flag???

4

4 Likes
5

Anyone got a success in trying to connect manually to the ‘other’ protocol using w**t ? keep getting 502

6

any hints for foothold?

7

run away, save yourself from the pain :smiling_face_with_tear:

1 Like
8

I am struggling quite a bit too

9

Whiskey helps. Glad this one’s over. GG season 3.

1 Like
10

any hints?

11

Whiskey helps.

So does wine! Thanks to the box author a worthy sequel to Bookworm.

12

Yes, it was a really good box. But yes, it takes time, it’s definitely not a hit-n-run :smirk:

Good job @JoshSH. It turned out better than what I expected, tbh.

2 Likes
13

hey people, so I’m currently inside the people webpage. Found the “internal” networks but couldn’t find any vulnerable services in there for now. I have some ideas about how I can proceed within the people page but I couldn’t pull it off. So could i ask for some help on this

14

Just a final push needed to bypass for root can someone give me a nudge regarding that

15

bruh what the ■■■■ to do with this it role guy?

16

Got root! User was hellish and root was laborious.
Thanks to @akiraowen @JimShoes @elwrci @maza
Without your help it wouldn’t be possible.

3 Likes
17

Can someone help me get into P**x**x. i found the page linked in the CVE and am having trouble with the XSS

18

Thanks to @0xffffff , I can do the priv esc. Finally rooted after 6 days.

1 Like
19

rooted. still wondering if b********n was a rabbit hole or if I skipped something. Thanks to @0xffffff for the nudge.

1 Like
21

Rooted! Man, this box does not screw around. It’s very long-winded and the initial foothold is hard to find, but after that it gets real fun. Even when I was on the unintended or flat-out wrong path, I learned something new. Big thanks to @respawn for the hint on the foothold!

Hints for the foothold:

  • No shame in asking for help, but you may find it hard to breathe when you find the problem. Go somewhere with a little more breathing room.

  • The parameter we take for granted is now here to help you at the most opportune time.

Hints for user:

  • Get inside. You’ll find a lot more opportunities here, but you gotta look as far as you can.

  • Sharing is caring, and the people here LOVE to share. Something will stand out.

  • Answer’s practically out in the open, you just gotta take it and try it. Keep in mind that not all targets are equal.

Hints for root:

  • Why do I use DDG instead of Google? Because you can tell a lot about somebody based on what they search.

  • It’ll take some time, but if you know the process, you can find the secrets within. Even if the protected secrets are in a nonstandard format.

  • The nuts and bolts are revealed. But in a bookkeeping environment like this, what do you think the most common security mistake is?

  • You don’t need to know a secret in order to set it, but some secrets can’t be set.

  • Climb high, to the sky! Or at least to as high as you can get in a workstation. It’ll take some engineering to do that.

  • You couldn’t set a secret, but now you can definitely steal one. Mount yourself on your horse, take it, and charge to the master!

  • Protect your duplicated secrets, you heathens. How many times do we need to have this talk?

2 Likes