really stuck after getting the (hopefully complete) userlist. any nudge on getting password(s) would be appreciated
Type your comment> @theonemcp said:
really stuck after getting the (hopefully complete) userlist. any nudge on getting password(s) would be appreciated
same here
Rooted both User and Systemā¦User is not who you think it isā¦
man this initial foothold is really kicking my ā ā ā lol seems like we only really have access to one thing and its a very basic thing that doesnāt seem to expose any useful info other than a few usernames. Canāt find any public exploits regarding it and even tried installing it on my own machine to explore, but the only interesting files there are not accessible on the HTB machine. Struggling to understand where people can have found credentials
Type your comment> @VbScrub said:
man this initial foothold is really kicking my ā ā ā lol seems like we only really have access to one thing and its a very basic thing that doesnāt seem to expose any useful info other than a few usernames. Canāt find any public exploits regarding it and even tried installing it on my own machine to explore, but the only interesting files there are not accessible on the HTB machine. Struggling to understand where people can have found credentials
pb.
Type your comment> @VbScrub said:
man this initial foothold is really kicking my ā ā ā lol seems like we only really have access to one thing and its a very basic thing that doesnāt seem to expose any useful info other than a few usernames. Canāt find any public exploits regarding it and even tried installing it on my own machine to explore, but the only interesting files there are not accessible on the HTB machine. Struggling to understand where people can have found credentials
Iām stuck at the same situation, I have usernames but I have no idea how to use them. Nothing seems to work. Any nudge would be appreciated!
I have found āvalidā credentials, but not sure how Iām supposed to leverage themā¦
User Flag in the booksā¦
And away we go @user0n3 @SanderZ31 ā¦ Lets see how long it takes to get a root flag. <poured myself a tall beer because i am sure this will be a long bumpy ride!>
Root- done.
Got user but struggling to pass to the second userā¦ Anybody has a nudge?
Spoiler Removed
On my way to root! Kudos @SanderZ31 !
Yeah Iām also in the same boat.
I have usernames and have exhausted my options. Even been checking past machines! Nothing seems to work. Any nudge would be appreciated!
Is it just me or does something constantly reset the passwords of the account(s) that we have a password for? The passwords need to be changed, so I change the password and can successfully access some things but literally 20 seconds later it has changed back. I assume this is to make sure the box stays functional, but its making it super awkward to actually get anywhere for me and I feel like Iām cheesing it by resetting the password every few seconds. Doesnāt feel like the intended pathā¦
Rooted! Cool box, enum has to be decent to get foothold. Enjoyed the privilege escalation part - a neat trick for real world if it comes up.
@VbScrub said:
Is it just me or does something constantly reset the passwords of the account(s) that we have a password for? The passwords need to be changed, so I change the password and can successfully access some things but literally 20 seconds later it has changed back. I assume this is to make sure the box stays functional, but its making it super awkward to actually get anywhere for me and I feel like Iām cheesing it by resetting the password every few seconds. Doesnāt feel like the intended pathā¦
I wrote a script that automates the changing part and then this allows you to use the credential for open services. Once you are connected, you donāt need the password.
@pudii said:
I wrote a script that automates the changing part and then this allows you to use the credential for open services. Once you are connected, you donāt need the password.
Trouble is for me thatās not true. When I access S** or L*** with the new credentials, I get kicked out as soon as the password gets reset. Guess I need to look at connecting in some other way.
EDIT: Managed to just do quick enum between password resets and found the info I needed to get user flag
rooted. Fun box. I have also enjoyed priv escalation.
Cool box, learned some cool new things!
Type your comment> @VbScrub said:
@pudii said:
I wrote a script that automates the changing part and then this allows you to use the credential for open services. Once you are connected, you donāt need the password.Trouble is for me thatās not true. When I access S** or L*** with the new credentials, I get kicked out as soon as the password gets reset. Guess I need to look at connecting in some other way.
EDIT: Managed to just do quick enum between password resets and found the info I needed to get user flag
You can connect by something else
Root! Required some coding. Fun box!