Official Headless Discussion

which page? DM if you want any nudges

Owned. Very easy and fun machine with a clear path. DM me if you need help.

I've found the user flag, but when I try to provide it on HTB website I get "Error - Incorrect flag".
Anybody else got the same issue?
I've tried reverting the box but still the same issue.

1 Like

Hi!
Everyone writes that it is very easy to gain a foothold, but that this does not apply to me)
I went to the "Administrator Dashboard" with great difficulty, Googled what vulnerabilities might be on it and found nothing.
Maybe I need to find something else besides this panel?
Push my thoughts in the right direction, please!

Rooted. It took some time to find a foothold.
A hint: machine name

Not sure if this is a dumb question but does anyone have an idea why the administrator is not reviewing my "hacking attempts"?
Payload seems to be working, but let's just say I don't see any reflection on "the other side".

EDIT: Turns out it was a problem with the Network Configuration on my VM.
Changing ā€œAdapterā€ to ā€œBridged Adapterā€ solves the issue, in case anyone has the same problem.

2 Likes

Besides this panel, what else do you already have available, and what can you do with it? Don't overthink it; try the simplest things first.

1 Like

Rooted, let me know if you are stuck

Did anyone by chance root the machine with the privesc vector that has the "--headless" flag in it, just out of curiosity?

I rooted by the same means as anyone else, but after accomplishing it I tried it that way and couldn't get it.
I port forwarded to the same debugging port through SSH, and could even visualize it in the browser, but could not connect to the device in that port via the browser's debugging capability.

I'm stuck at something that should work but it doesn't. Please DM me

Anyone else having an issue with the page /d******* ? I used to be able to use it but now I get an error 500. I already tried resetting the machine but I get the same error.
I know it's supposed to work because a few days ago I owned the user with it.

Really hope someone sees this before the machine gets retired

Fun fast box!

Try deleting your history so that you're not loading your page out of a cache…

1 Like

Very fun machine. Message if you need help.

Hello, I have a problem: the administrator does not look at my hacking attempt, yet my payload works.

Hello, I have the same problem but I'm not on a VM

I rooted the machine, although I have a question: why is the XSS to steal the cookie possible at all? To be more specific, I wonder why I can trick the server to send me the admin cookie when I send the right payload. Usually JavaScript is only executed on the client side, no?

Please DM

Hi,
Could you get it to work? I'm having the same issue, I deleted my history, cookies and site data, and reset the machine, but I still have this error…

Yeah, I deleted all my cache, closed the browser and then tried again. This worked for me thankfully