Official Jewel Discussion

Rooted. Thanks @pizzapower for helping with a scanning tool.

My best recommendation for foothold is to set up that environment yourself. Works like a charm after that :slight_smile:

Done,
Good box, not very fun, but I’ve learnt a couple of interesting things…

What payload to use for rev shell? Only touch command seems to work, nothing else is working.

@pswalia said:

What payload to use for rev shell? Only touch command seems to work, nothing else is working.

DM me if you’re still stuck.

@PapyrusTheGuru said:

@pswalia said:

What payload to use for rev shell? Only touch command seems to work, nothing else is working.

DM me if you’re still stuck.

I’m stuck at the same part…

You may have the right payload but it doesn’t work straight away as other payloads do. There’s caching involved, etc, so it might take a few more steps to actually trigger it.

The vuln can be hard to find. For what it’s worth, when a vulnerability has a CVE documented by NVD, it’ll show up after a search here: https://nvd.nist.gov/vuln/search - so worth a shot to see if there are potential candidates in there.
The usual 2cents:
Foothold/User: CVE has a PoC showing the way to generate a valid payload - look at the code to figure out where to use it
Root: while doing your usual check you’ll realize what this is about - and you’re a couple of commands from root

If anybody cared to set up the whole environment locally, other payloads will not work.

@Timdb said:

@PapyrusTheGuru said:

(Quote)
i stuck at the same part…

If anybody cared to set up the whole environment locally (like me), other payloads will not work locally. But everything works on the box. I was trying to reproduce everything locally but none other than “touch” seems to work. So do it directly on the box itself. Now I am trying for the root.

@iWillBeFamous said:

got some hashes can’t crack them tho…

me too

The box is very slow tonight… ssh connection takes so much time (yes I’ve put a public key in it) and broken pipe occurs a lot…

Spoiler Removed

For the timing issue, I’d recommend that you use the mobile app version with time synced there. I couldn’t get anything on my machine to work, even with perfect synchronization.

Just Rooted. Learnt 2fa implementation. Good box. Pm for hints. Thanks to @ruskii and @zweeden for hints.

rooted! nice one!

@aimforthehead said:

keep getting Error “Operation not permitted” while writing config" after entering the T** code. anyone have any idea ?

It’s time based. Try to sync your box as close to the HTB one as possible. If not, use the mobile phone app - this worked for me.

Rooted !
My first box !
Lot of fun and rage ! I feel very stupid about the right escalation…

Rooted, PM for hints.

Rooted. If you need some help, DM me.

user: very easy. search cvss and get shell
root: time is ur friend. It’s very frustrating.

gl next

I know some people built their own env over using the poc, I’d like to see how that’s done if someone could dm me.

Having problems getting root. I found the time based thing at home but I can’t find anything that seems to use it. Appreciate if anyone can help!