Hello everybody, how did you figure out that that password was for that email, what was your reasoning? Without getting tips from here I’d have never figured it out.
how did u find emails
Hey Team,
Looking to get some help, ive got a shell using the POC.
But getting stuck from here because I can only do the /etc/passwd
guys really any help in the poc i can only read /etc/passwd
how did u get there?
Hey Mate,
Make sure you do deep recon on the webserver.
1 Like
For user:
To get username use your brain and common sense. Sometimes you miss what’s in front of you.
For password look around a bit on the website. You might find interesting things and open files.
For the shell access, look at the docker files. You might wanna “read” them.
any hint for the poc script?
To get the shell, the script you found on the net will work.
I just found all the flags, this machine is clearly not easy, the difficulty level is definitely hard, there’s an error in the difficulty rating on HTB. Additionally, there are clearly illogical things, I tried several ways to enumerate the server and only one wordlist worked. The privilege escalation is extremely complicated, thankfully the AI is here! In the end, I learned nothing from this box, just frustration.
5 Likes
can you dm about poc script how to make it work
Nice tip
bro how u get root file with that script help me
I cant find the user for the PoC script, how can i find it??
low hanging fruit, think easy 
i mean how to read more than /etc/passwd
Any hint with privesc? im trying chaining and variable setting but script doesnt export de root.txt
I’ve been looking around, Maybe the process is in a chroot-jail or some ACL stuff is enabled and thats why we can’t read files besides /etc/passwd. I dont know enough about Linux privesc but thats the best guess.
1 Like
Just change the file location and that’s it. The real question is which file location you will have to use. Refer to the hints I dropped above
Found something interesting thanks.
1 Like