Official Drive Discussion

Official discussion thread for Drive. Please do not post any spoilers or big hints.

Any hints so far ?

vhost is drive.htb :clown_face:

4 Likes

:scream: :scream:

No spoilers, please. :face_with_hand_over_mouth:

first blood is about to get drawn at any second now after this huge hint gg

1 Like

It’s a hunch, but getting foothold might be easy, i’m just blind …

Box might need to be taken down, looks like it’s allowing external services to be ran on it. A user is leaking data out of a folder on an instance I’m on.

Now they are just blocking access to anything not 80. Ridiculous.

use release arena vpn

Esta maquina me hace sentir un inutil, no encuentro una pinga.

2 Likes

No clue, some hints?

Rooted! This was more of a medium box if you ask me.

Hints if you need them. Hope I strike the fine line between vague and helpful.
Foothold:

  • Take control, it’s not like the webapp cares too much. Question is, of what?

User:

  • Source code is the key to my heart, and to the path forward.

  • Something should stand out. Practice on a softer variant of the target before you do the harder method.

  • If you notice a pattern, use it. Optimization is mandatory if you don’t want to have to wait two days to be done user.

Root:

  • You see a lock? Look within for the key.

  • The attack you’ll be using is popular on websites, but sometimes it applies locally. This is one of those times.

  • It’s tight and tedious here! But given the circumstances you’re in, you’ve got a new, obscure power an app shouldn’t have.

If you’re still stuck, and you’re sure you tried everything you know and could imagine, feel free to drop me a PM.
EDIT: Remember, explain what you did and where you’re stuck! Don’t just ask for a hint without doing that first.

9 Likes

How long did you have to run hashcat? I’m doing this on my holidays and my puny laptop sounds like it’s going to fly off somewhere lol.
Edit: I got it, thanks, I was missing one step, that’s why it wasn’t obvious

1 Like

Like I said: you gotta optimize. Reduce the wordlist to the set of the likeliest candidates.

Today is Sunday. Sunday is hacking day. Happy hacking everyone.

3 Likes

:cowboy_hat_face:

Interesting box, mostly due to the fact of having so many options, alternate paths, to actually finish the box. At least 3 ways are possible, or that I know of. As of this, rooting can seem to be very frustrating but challenging nonetheless. The user part is pretty straightforward and steps are clearly outlined if you know what you’re doing, but the root part really is about tinkering around. I’d say the difficulty rating is appropriate, tougher than a solid medium box.

Getting user really is about looking around, fuzzing, enumerating, understand how the app works, finding some interesting things. Working around those lines to get one step further and foothold. Remember you did find something on initial scans that you couldn’t access yet, do something about that, now that you’ve set your foot inside the box. Look around again. Now steps will be clear of what you need to do and why. Dig deeper and work with the new information. And that’s it.

No real advice can be said of rooting, just analyze what you will find there. Pick one of the attack vectors you think you master the best, probably your first hunch is the best way to go forward. And focus on developing that, see how it works, why it does not work, adapt and fix. Fine tune it. GL.

Free for DMs - but as usual, be patient with response, and please do explain what you did and where you stuck, and if you don’t get reply it’s because of incoming packets on the stream… :upside_down_face:

3 Likes
Time.Estimated...: Thu Nov 02 01:13:17 2023 (17 days, 5 hours)

:heart_eyes: :joy:

Hello, everyone. I need help with the root part. Can someone help me?

I had to put quite strong password just to register the website. :sweat_smile:

1 Like