Official LinkVortex Discussion

HTB Content Machines
58

That ■■■■ / got me too.

59

I am clueless when it is coming to how to get the username, but I am certain I have the password. Is anyone able to point me in the right direction?

60

Try to use the most obvious one and don’t forget you need email.

1 Like
61

the POC keeps throwing me this error:
[!] FAILED TO SEND THE EXPLOIT
Anyone know how to get past this?

NVM had to use sudo duh

1 Like
62

whatever use you are using on your local machine, you can avoid this by adding yourself to the /etc/sudoers file. Not really linkvortex based, but for general practice. :slight_smile:

1 Like
63

thanks! now I’m just getting errors in the POC now :smiling_face_with_tear:

64

To obtain the username, LFI using XXE seems unreliable. I was able to read one file that way, but not another. Now I can’t even read the original file using the same initial payload… I have XSS too, but not sure if I can get LFI that way… Any hints?

65

Do you have the password? the username is almost too simple. I had the username for a long time, but i did not use it the right way initially.

67

Do I need to decrypt the sha1 hash or is the password somewhere else?

68

There are no decryptions of hashes needed. Also hashes don’t get decrypted, they are reverse lookup since one-way operations.

70

What exactly is involved?

78

What kind of poc is this? can’t get anything but one file :joy:

79

Look into the commits again.

2 Likes
81

This box was honestly a lot of fun. The foothold was interesting, it took a lot of digging to find what was needed to get user. For everyone struggling with looking for stuff in the sea of dumped files, VSCode is your best friend. Everything you need is in those files.

The privesc was also really cool, very easy if you know basic Linux concepts. Great box 0xyassine!

image
image618×501 98.7 KB

1 Like
82

Finally got the user flag but stuck fining priv esc. any nudges?

83

I can’t even ping or nmap.

I’m using the VPN.

If i nmap:

Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-08 02:38 EST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.05 seconds

If I ping:

└─$ ping 10.129.210.89                                           
PING 10.129.210.89 (10.129.210.89) 56(84) bytes of data.
From [me] icmp_seq=1 Destination Host Unreachable
From [me] icmp_seq=2 Destination Host Unreachable
From [me] icmp_seq=3 Destination Host Unreachable
From [me] icmp_seq=4 Destination Host Unreachable
^C
--- 10.129.210.89 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3052ms
pipe 4

What is going on here?

EDIT: I’m a dumb dumb. Wrong VPN.

5 Likes
87
88

Thank you!
Honestly, I’m not entirely sure what exactly this kind of “privilege escalation” is supposed to achieve. Maybe I just don’t fully understand it yet. :slight_smile:

89

did you read the id_rsa or just the root flag?

4 Likes
90

I understood))
root flag