Official Forgot Discussion

Rooted.
I don’t think I would’ve been able to do it without a few subtle but well directed nudges.
I think the main thing that dissuaded me from the right path was how abysmally slow this box was, and how often things would reset. Whether it was intentional rate limiting or just a really poor setup, it made enumeration and discovery so unbearably boring and unnecessarily difficult. I can see why so many people have dropped the box while still only in the process of enumeration.
Privesc on this box was legitimately the only fun part of the process, it was different and it was really interesting.
The only real advice I can give you for this box is to:

Not only 1. take the name of the box to heart but 2. act as if this was a real website: what attacks would you actually use against a production server to bypass authorization? I found PortSwigger’s learning materials regarding authorization / authentication to be really helpful on this box in particular. Also, search up every version of software you find, whether that be in the source code or traffic headers.

I am still struggling to get access to the disabled page. Can anybody help? Please PM.

Check what the current user can do. DM me if you need more help.


Thanks, let me try that, if I need any help, will PM you

Can you help me here? I’m also stuck with this. Not sure what to try next

I got a user, and see the possible escalation path. When I test run the script on some payload (just to check what it does), it says: “Could not load dynamic library 'libcudart.so.11.0”. Is it expected?

Hate this machine so much… :frowning:

I spent most of my day creating a script, so I thought I wasn’t going to be able to solve this machine until tomorrow because of the previous comments, but in fact I could do it even faster than my previous ones :flushed:

Getting root was a funny thing, I never expected that to make my privesc work, it had to be as sussier as possible :sweat_smile:

If anyone happens to need help with this one, you can surely call me, R is always here :heart:

Finished this box at last. A big thanks to @shadowtree for the hint on getting the foothold! :slightly_smiling_face:
Getting the root flag was very easy though.
If anyone needs a nudge feel free to PM me :smiley:

I found creds but SSH is not working…
Am I missing something?
Could somebody give me a clue about what could be blocking me with SSH?

This box drives me crazy… :exploding_head:

Finally rooted that ■■■■■■ box :exploding_head:
The first part is very annoying, but when you get the tricks it’s simple!

The hardest part was the SSH login (I know it shouldn’t be) before I realised some bizarre procedures with letters…
Second box where I had very useful help from @lim8en1, after “interface”.
Root was much quicker and easier.
