yep sure
Just rooted the machine, i would say that its a bit annoying with all that poking around but overall i liked itā¦ For anyone stuck feel free to drop a PM
4 Likes
Any hint on what to search thru the log file? 
Edit: got it
1 Like
Pretty good box I think. DM me if you need any hints
1 Like
Hello
Iām stuck on the log file
Does someone have any hint on that plz
Rooted !!
1 Like
Rooted!
User:
Use your linux tools for the log, it will make the search a little easier
Root:
The dragon will guide the way
2 Likes
ROOTED 
Entertaining and easy machine 
Send DM if u need help 
ROOTED 
Category: CVE and Reversing (basics)
Initial foothold: The web maintain a service with a vulnerable component. Its pretty straight-forward - when you reach it you will bump into a basic filtering (mentioned here couple of times) - to bypass it just use another techniques that not involved the blacklisted thing. (its took some time to figure it out, but when you are you will feel stupid of how easy is that)
User.txt: One of the greatest things to do when you start the OS enumeration internally is to check what other users participated and what files they are owned - when you reach it you will need to investigate it not in a proper way (if you are familiar with that) but read the messages to get the lead.
Root: Its seems pretty clear, do your regular things - it will lead you to some tool. As mentioned above use the dragon + if you more familiar with other languages, ChatGPT to convert it, its straightforward there.
1 Like
Rooted and I think this machine is releatively easy among other mediums.
The Reviews in web site is really funny 
. I like the jokes about exiting Vim and good memories
4 Likes
This box was fun, both user and root flags need a āforensicā investigation approach. Look at @devi4ntās post above for some nudges.
On the user, there is a common mistake that users make which can end up leaking something important.
1 Like
Rooted 
fun to investigate.
hey guys! i got the root user but htb doesnāt recognize flag. whatās a problem?
Iām new to reverse engineering, I got the dragon open, but still canāt seem to wrap my head around how the c*** function works, and how we can control that; am I on the right track? Iām able to bypass the initial checks and enter the main part of the program, but still canāt seem to control anything
edit: Finally got it!! Many different perspectives are key when understanding what the program does! One size does not fit all
Second pwn today 
I felt like I was up for another machine and Investigation was a pretty fun one, except for the long minutes reading logs until I discover that I could just search for key words 
If someone happen to need help in this machine, I can readily help anyone, just send me a message, R is always here 
root@investigation:/# id
id
uid=0(root) gid=0(root) groups=0(root)
This was alot of fun! Definitely more on the easy side.
Foothold: Basic web enum will lead to an exploit. 8x8 leads the way
User: For once, hiding failures is a good thing
Root: Ride the dragon, ChatGPT can help if needed
Not sure how you guys are happy after going through 800k lines of log code. Honestly, I couldnāt come up with a practical way to do this and had to use a walkthrough. Absurd.
I get where youāre coming from, but at the same time, the ālightbulb momentā was a really satisfying part of this box.
The most helpful (if cryptic) tip for the log analysis stage was from @D3s1h4ck5:
right thing in wrong place
I knew what activities I was seeing in the log, but It took me scrolling through many, many pages for the penny to finally drop and think about how to filter the log for that āright thing/wrong placeā.
2 Likes
Do you mind sharing some of your methodology in DMs? Iāve finished the box but this was the part that stumped me, and I eventually just started searching for keywords. Took me 2 days LOL
What application did you use to view the logfile? Iām trying to stay on linux so it was just xml text for me.