To whoever is making the user flag readable to everyone, I hope you step on a lego.
After reading the contents of user and root flags they will not submit. Anyone else having these problems?
Finally rooted! Never spent so much time on an easy machine. I'm still a beginner but I would have put it in medium machines. I won't spoil, but if I can help I would say that enumeration is the key: just keep enumerating and you will finally find interesting things! PM me if you need help.
Managed to get code execution (tested it by pinging my box). Came back after a while and it no longer works. Tried to reset the box but it's not working at all. EDIT: Nvm, I'm an idiot. Foothold is pretty straightforward.
I'm stuck. I worked with all the CVEs but at RCE I always get json 404 response. I don't get it.
Nice box! Took me 2 days to get the root. Foothold - pretty tricky but I managed to get to s***** pretty quick and get RCE. Root - good. You all wrote some nudges here so I knew where to look. And yes, the Ippsec video with a tool needed for this task is great. After getting to another "app" I found CVE fast and voila! Very nice box. Mad respect @wail99. I would consider this box medium. Tools are right there but not that easy to comprehend.
@Diddy512 said:
> I'm stuck. I worked with all the CVEs but at RCE I always get json 404 response. I don't get it.

You should focus on finding the right CVE and then how to use it properly, it's a bit tricky.
@esio said:
> I'm a beginner but I'm stuck. I'm playing around website but I didn't see anything in burp and gobuster.
> Any hints?

try enumerating the js files of the index page
@SkyStorm said:
> found the login page but can't seem to enumerate further. would appreciate any nudges

search up for CVEs
I'm r00t!! And the machine name is a total rabbit hole btw. That's a good one ?
Rooted, nice box! Foothold/user: Enumerate well because this could save you time! Because I hadn't looked thoroughly at what I had in front of me I wasted a lot of time (had some hard times using w***z and choosing the right w***l**t). You'll discover a new place where, as stated in the forum, you'll be a couple of CVEs away from gaining access (there are some good articles if you do some google-fu). Root: again enumeration of what resides in the box and googling. Had a bit of trouble using ch***l and choosing the right s***l in the exploit payload (very unstable, made it in time to retrieve root flag. I could have done it more properly but still got the hash). Thanks for the box.
I managed to get a reverse shell but I'm still unable to read user.txt. Is the password for user lying around in a file?
Hi, I've been looking for a couple hours but I'm stuck at the very first step. When I use the ip in my browser I get redirected to: horizontall.htb but I don't have a website, only an error "Server not found, Hmm. We're having trouble finding that site". I've reset the machine twice yet nothing appears to help. Am I missing something or is it truly a bug?
Maybe you aren't supposed to view the site. Maybe there is something else to see. Use your tools. Think along the lines of, "Web Enumeration."
I think the box is broken. Doesn't seem to be on HTB network for my VPN connection.
Rooted. Root part was somewhat frustrating as the exploit kept failing for whatever reason. Everything worked fine after I reset the box. Feel free to PM me for nudges, but please explain first what you've tried so far.
Foothold: Interesting web enum that isn't usually included on Easy boxes I thought. Was a nice change from the usual web enum. User: Just basic enum and reading what you have. Root: So you found something interesting and maybe have cut or wore away at your attack vectors. Fun box, but I can see why people on the open machines were having trouble.
@BisBis said:
> Hi, I've been looking for a couple hours but I'm stuck at the very first step.
> When I use the ip in my browser I get redirected to: horizontall.htb but I don't have a website, only an error "Server not found, Hmm. We're having trouble finding that site".
> I've reset the machine twice yet nothing appears to help.
> Am I missing something or is it truly a bug?

Did you add the ip into your /etc/hosts file? That is how machines are accessible with domain name.
I have a foothold and ssh access to the s****i user, but I'm having trouble escalating to the d*******r or r**t user. I found the admin hash in the database, but I feel like this is a rabbit hole. Can anybody nudge me in the right direction?
@limeeattack said:
> I have a foothold and ssh access to the s****i user, but I'm having trouble escalating to the d*******r or r**t user. I found the admin hash in the database, but I feel like this is a rabbit hole.
> Can anybody nudge me in the right direction?

Exactly what I've experienced, therefore I did not move laterally and went straight to privilege escalation to root.