Official Investigation Discussion

yep sure

Just rooted the machine. I would say that it's a bit annoying with all that poking around, but overall I liked it… For anyone stuck, feel free to drop a PM


Any hint on what to search thru the log file? :slight_smile:
Edit: got it

1 Like

Pretty good box I think. DM me if you need any hints

1 Like

I’m stuck on the log file
Does someone have any hint on that plz

Rooted !!

1 Like



Use your linux tools for the log, it will make the search a little easier


The dragon will guide the way


:mag: ROOTED :mag_right:

Entertaining and easy machine :grin:

Send DM if u need help :hugs:

ROOTED :partying_face::partying_face::partying_face:

Category: CVE and Reversing (basics)

Initial foothold: The web server maintains a service with a vulnerable component. It's pretty straightforward - when you reach it you will bump into basic filtering (mentioned here a couple of times) - to bypass it just use other techniques that don't involve the blacklisted thing. (It took some time to figure it out, but when you do, you will feel stupid about how easy it is.)

User.txt: One of the greatest things to do when you start the internal OS enumeration is to check what other users exist and what files they own - when you reach it you will need to investigate it not in the proper way (if you are familiar with that) but read the messages to get the lead.

Root: It seems pretty clear, do your regular things - it will lead you to some tool. As mentioned above, use the dragon + if you are more familiar with other languages, ChatGPT to convert it; it's straightforward there.

1 Like

Rooted, and I think this machine is relatively easy among other mediums.

The reviews on the web site are really funny :rofl:. I like the jokes about exiting Vim and good memories


This box was fun, both user and root flags need a “forensic” investigation approach. Look at @devi4nt’s post above for some nudges.

On the user, there is a common mistake that users make which can end up leaking something important.

1 Like

Rooted :green_heart: fun to investigate.

hey guys! I got the root user but HTB doesn't recognize the flag. What's the problem?

I’m new to reverse engineering, I got the dragon open, but still can’t seem to wrap my head around how the c*** function works, and how we can control that; am I on the right track? I’m able to bypass the initial checks and enter the main part of the program, but still can’t seem to control anything

edit: Finally got it!! Many different perspectives are key when understanding what the program does! One size does not fit all

Second pwn today :flushed:
I felt like I was up for another machine and Investigation was a pretty fun one, except for the long minutes reading logs until I discovered that I could just search for keywords :face_with_monocle:

If someone happens to need help on this machine, I can readily help anyone, just send me a message, R is always here :heart:

root@investigation:/# id
uid=0(root) gid=0(root) groups=0(root)

This was a lot of fun! Definitely more on the easy side.

Foothold: Basic web enum will lead to an exploit. 8x8 leads the way

User: For once, hiding failures is a good thing

Root: Ride the dragon, ChatGPT can help if needed

Not sure how you guys are happy after going through 800k lines of log code. Honestly, I couldn’t come up with a practical way to do this and had to use a walkthrough. Absurd.

I get where you’re coming from, but at the same time, the “lightbulb moment” was a really satisfying part of this box.

The most helpful (if cryptic) tip for the log analysis stage was from @D3s1h4ck5:

right thing in wrong place

I knew what activities I was seeing in the log, but it took me scrolling through many, many pages for the penny to finally drop and think about how to filter the log for that “right thing/wrong place”.


Do you mind sharing some of your methodology in DMs? I’ve finished the box but this was the part that stumped me, and I eventually just started searching for keywords. Took me 2 days LOL

What application did you use to view the logfile? I'm trying to stay on Linux so it was just XML text for me.
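Several posts above suggest using standard Linux tools to filter a very large XML log instead of scrolling it. The following is an added example (not code from the thread or from the box) of that approach: it stacks the distinct values of a field so that rare ones surface, and stacks pairs of fields so that a common value appearing in an unusual context stands out. The event lines, the element names and the one-event-per-line layout are all constructed for this example and are not taken from the machine.

```shell
#!/bin/sh
# Added example, not from the thread.  Triage a large XML event log with
# standard Unix tools: stack (count) field values and surface the rare ones,
# then stack pairs of fields to spot a normal value in an unusual context.
# The log below is constructed; one <Event> per line is assumed.

LOG="${TMPDIR:-/tmp}/constructed_events.xml"
cat > "$LOG" <<'EOF'
<Event><System><EventID>4624</EventID><Computer>WS01</Computer></System><EventData><Data Name="TargetUserName">alice</Data></EventData></Event>
<Event><System><EventID>4624</EventID><Computer>WS01</Computer></System><EventData><Data Name="TargetUserName">alice</Data></EventData></Event>
<Event><System><EventID>4624</EventID><Computer>WS02</Computer></System><EventData><Data Name="TargetUserName">bob</Data></EventData></Event>
<Event><System><EventID>4624</EventID><Computer>WS02</Computer></System><EventData><Data Name="TargetUserName">bob</Data></EventData></Event>
<Event><System><EventID>4625</EventID><Computer>WS02</Computer></System><EventData><Data Name="TargetUserName">alice</Data></EventData></Event>
<Event><System><EventID>4720</EventID><Computer>DC01</Computer></System><EventData><Data Name="TargetUserName">svc_backup</Data></EventData></Event>
EOF

# field_counts FILE TAG: "count value" for each distinct <TAG>value</TAG>, rarest first.
field_counts() {
  grep -o "<$2>[^<]*</$2>" "$1" | sed "s/^<$2>//; s#</$2>\$##" | sort | uniq -c | sort -n
}

# data_counts FILE NAME: the same for <Data Name="NAME">value</Data> elements.
data_counts() {
  grep -o "<Data Name=\"$2\">[^<]*" "$1" | sed 's/^.*>//' | sort | uniq -c | sort -n
}

# rare_values FILE TAG MAX: values of <TAG> seen at most MAX times.
rare_values() {
  field_counts "$1" "$2" | awk -v max="$3" '$1 <= max { print $2 }'
}

# pair_counts FILE TAG NAME: count each (TAG value, Data NAME value) pair per line,
# so a common value paired with an unusual partner shows up with a low count.
pair_counts() {
  sed -n "s/.*<$2>\([^<]*\)<\/$2>.*<Data Name=\"$3\">\([^<]*\)<.*/\1 \2/p" "$1" \
    | sort | uniq -c | sort -n
}

echo "== EventID counts ==";       field_counts "$LOG" EventID
echo "== rare EventIDs ==";        rare_values "$LOG" EventID 1
echo "== user counts ==";          data_counts "$LOG" TargetUserName
echo "== EventID/user pairs ==";   pair_counts "$LOG" EventID TargetUserName
```

On a real export the same functions work once the file is one event per line (`tr -d '\n' | sed 's#</Event>#&\n#g'` gets you there); `sort | uniq -c | sort -n` is the whole trick, and the low end of that list is where "right thing in the wrong place" tends to sit.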