Official discussion thread for Inject. Please do not post any spoilers or big hints.
Hello, is it available already? Because I get a network error when spawning.
Errors here as well
yeah me too
Do you still have problems? My error message is "Machine is not yet available."
Same here… even by trying other VPN profiles
Edit: I see that the machine is up from 19 UTC, so I have to wait a bit
The topic name is injection, but I can’t find the injection point. There is only one place to upload, but it is restricted by many suffixes. Which brother can do it? Please PM me
For me, at least, this was not “easy”. It took me about 8 hours to root.
That being said, I absolutely loved it. I learned a lot and had a lot of fun. Great box!
Is anyone having problems accessing this machine? I have added inject.htb to my hosts. I can’t access it over IP or URL. When I ping it, it’s up and running. I can run nmap on it, but I can’t access the web page?
Check your nmap results carefully
check the port
Thanks guys. Weirdly I did try the port and it didn’t resolve. I tried it again now and it worked. Thanks for the fast responses!
Took some time, but finally could complete this machine
It is not the hardest, it just has some unknown vulnerabilities. Privilege escalation was considerably easier, all the payloads are easy to find on the internet, and even arriving late, it was still possible to complete it in little time, falling into just one rabbit hole only because I forgot something. I would say it is an easy one
But aside from everything, if someone ends up needing help, you can surely send me a message, R is always here
This box was not that easy from the outset.
Testing the webapp for all functionality leads you to find something that you can control to get an unintended output.
But this is not the targeted path (spent quite some time here), it’s there for you to enumerate the underlying web application itself. (If you use the Wappalyzer extension, you will notice it doesn’t have much to show.) @Paradise_R mentions this above: once you realise what it is, look for vulns that came out together, where one got overshadowed by the later one.
Path to root was pretty easy once you see what is being done automatically and what you can do as user.
Gain as much information as you can about the services that are running, their version, running as what user, then Google is your friend. Easy machines are pretty straightforward and there are fewer rabbit holes.
It’s not an upload vulnerability right?
Got user. I’m not that good at PrivEsc. Can anyone DM me for hints to root?