Official Hathor Discussion

Official discussion thread for Hathor. Please do not post any spoilers or big hints.

10 days have passed… and not a single message on the forum :thinking: !

If anyone can help me please, I’m pretty far (am I ? ;)) down the user road but still not there yet!

Thx :wink:

@clure Where are you up to? I could use some help with getting the .*** file type for user working.

I have a shell, I have user flag, but I’m stucked for few days now…

I’m working on getting the user flag and finding what’s next for privesc, I’ll let you know when I do!

Thx ! I have some leads but nothing concrete so far :frowning:
Where are all the other people?? :slight_smile: :slight_smile: :slight_smile:

Is the machine broken ? Keep getting 503 error on the site on all VPN servers

Great challenge so far, beside some small annoying things.

Samba connection under linux won’t work(maybe windows too?) for some reason, would be easier if it would.
For now I have a workaround for that … still ■■■■ annoying.

Got a basic shell because remote shell do not seem to work.
(I guess its because of windows defender and/or the firewall?)
I can execute anything I want with that basic shell, it is just annoying that way …
I’m curious … did somebody got a remote shell working in the early stage?

Great box, thanks !
Most of the box is about security evasions and bypasses.

Foothold
  • It’s under construction, so it is default
  • Even if you can’t see, it exists
  • Enumerate & read
User 1 & User 2
  • Default authent protocol doesn’t work, try the another
  • See which privileges you have here
  • You should go to the library
  • Maybe you have discovered it before, but some automatic jobs will trigger it for you
  • Make yourself the owner, evade the security and get a shell
User 3
  • Grab your flag and don’t forget to recycle
  • Analyse the G* folder again
  • You have some privileges in the folder, read closely the scripts and understand how to bypass security
  • One username in the box is a hint
Root
  • Now you have the results of these scripts in your local folder
  • Get some more osint about it and plugin your hacker Internal mind