Official Drive Discussion

I can see your files and reverse shells on the public dashboard. Please don’t hack me :sweat_smile: I am just looking at the different types of reverse shells and cmd files that you have uploaded :grin:

Hello, good day!!
Could someone help me with the foothold? I’m so stuck.
I have been hacking for 2 hours.

Same, but I’ve been in this situation since yesterday … I hate myself ;(

Keep hacking, don’t give up!!!

Any tips for user: reverse shell file, brute force some account, fuzzing?? Help pls xD

Fuzz what you can fuzz. There is an “unrestricted” function out there, which looks a bit odd. As @Chainmanner said above, you can “take control” and the webapp does not seem to check or care … :wink:

Don’t think too much about fancy payloads and getting a reverse shell. For now think “information disclosure”.

Should I crack these hashes from the database (“pbkdf2_sha256”)? Because on my laptop it will take 4 days??

On any HTB machine, bruteforce with rockyou should never take more than 5 minutes. If it does, it means it’s either uncrackable or you are missing some information to reduce the size of the wordlist.

In this instance it’s the second case.

Just to add to the above, the hash crack took me 0:00:01:17 (pbkdf2_sha256) after reducing the wordlist.
On a 12 year old laptop…
without a GPU.

So don’t give up if you’re getting bummed by the hash crack, you’re missing something.
Thanks to the author for thinking about it.

Pretty sure I saw you on my instance “tasty” :stuck_out_tongue:

Hello, need help with user, please!!
Send DM.

Finally got user.txt after the advice from @Chainmanner. Thanks a lot friend!

For the others struggling with foothold and user so far:

The foothold is not as complicated as the “Hard” classification for this machine makes it seem to be (don’t get me wrong, it was hard for me and I did not even start privesc yet). The thing is, I wasted a LOT of time going for some overcomplicated stuff. Don’t do it. It’s kinda simple to get the first access, but the vulnerability is on a specific point, it’s not everywhere. Exhaust your options on the web app. This is about the vector, not the attack.

After foothold on to user.txt: Read @Chainmanner’s advice earlier in the topic. It’s golden.

Hey bro, got something with the overflow?

till tomorrow, and see what else to try out

Yeah, I am stuck too on getting user.txt.

If anyone could message me with some hints, it’d be muchly appreciated! :slight_smile:

You don’t have to crack them…
maybe some other month will do the thing…

Regarding the cracking, I collected all hashes of a specific individual (based on some assumption) and cracked them using the regular approach with the same wl (in a few seconds). No optimization of wl applied. Maybe it worked easily because I avoided useless hashes…

Not played for 1 day +/- … from around rank 120 down to 400 … how many id**t-proof write-ups are online?

Who is on the root part?

Don’t you think this comes from the amazing HTB community helping each other? :wink:
(Ok, might be a bit naive, here…)