Official Love Discussion

@Exci said:

Rooted. IMO not the easiest box based on the amount of attack surfaces. Root was a lot easier than user.

How does someone get user in 8 mins? It probably took me longer than that to find a working rev shell :smiley:

By organizing notes and tools.

Rooted!

User

  • Don’t waste time and threads!
  • Focus on the results that came from tools :wink:

Root

  • A tool can #suggest it for you :wink:

Rooted. But I’m not sure this is the right way.

  • I tried to use the exploit several times without success for the final part. For most people this still works, not sure if it’s been patched.

  • This box is very frustrating especially the root part, but I learned new things. If you need help, always available to answer your questions. :wink:

Fun little ‘easy’ box for people new to HTB to learn from. I don’t know if I just spend too much time doing web challenges but I didn’t have much trouble with foothold.

My Windows local enum is so weak, so it took a while before deciding to switch to a popular script to speed up the search and as soon as I saw and recognised the Windows 101 escalation vector, I kicked myself and got SYSTEM right away :slight_smile:

I need to do more Windows boxes!!

@whitewhale said:

Fun little ‘easy’ box for people new to HTB to learn from. I don’t know if I just spend too much time doing web challenges but I didn’t have much trouble with foothold.

My Windows local enum is so weak, so it took a while before deciding to switch to a popular script to speed up the search and as soon as I saw and recognised the Windows 101 escalation vector, I kicked myself and got SYSTEM right away :slight_smile:

I need to do more Windows boxes!!

Did you look at the Ap******r rules?

It must be easy to me but I couldn’t find the way. Can someone give advice with a spoiler on DM?

Anyone willing to ping me with a nudge on footholds? I’m still learning (only been doing literally any hacking for about a month, if that). I’ve done all of the enumeration I can think of and dug into pretty much all of the subdirectories. I even did some SQL enumeration for way too long. I definitely feel like I’m overthinking this and a nudge would be very helpful.

For user :
Think basic and look at your nmap.
Try to analyze the service’s functionality and understand what could be done along with what’s exposed and what’s not.

For root:
Easy privesc … use your scripts well and not much enum needed…

Have Fun!

Nice easy box, I like the foothold. I didn’t think about it in the first place and forgot about some other services running, so had some time banging my head, but overall I really enjoyed it.

Is it normal that I have all ports filtered??? This is the first time that I face such a problem.

just rooted: thank you @OldProgrammer for the root part.

rooted. any help. just dm. as always :slight_smile:

@Doncrek said:

Is it normal that I have all ports filtered??? This is the first time that I face such a problem.

Make sure that you are connected to the correct VPN package.

Rooted, it was a fun easybox!

Foothold/User: read carefully the output from initial enumeration. After you understand what you can do, be curious to see where you can look into. When you arrive in a certain place, the steps to gain access to the box are simple, basic exploit.

Root: classical enumeration script will let you know where to look into. There are several ways to conclude, all documented in google.

Thanks for the box!

Great Box. Root is straight forward (follow your process)

#User

  • Enumerate what is out there
  • You may get access denied… but does everything get 403ed?

OK, rooted. As has been said before, root is easier than user. Must be a multitude of ways in, but you can do the whole box with a popular framework in about 2 mins. Fun box tho, enjoyed it.

Rooted!

C:\Users\Administrator\Desktop>whoami
whoami
nt authority\system

User

Keep it simple, read your scan output. You’ll find something that helps analyze everything you’re seeing initially. Once you find the first big clue use that information to auth and then normal enumeration should grant you a user shell. Remember to read exploit code!

Root

As mentioned earlier, the vegetable will lead you to success. Make sure to read every line. Once a certain ability sticks out click the associated link and the example will be right in front of you. :slight_smile:

Feel free to PM for a nudge.

Spoiler Removed

Feel free to DM if you are stuck with a full explanation to what you did

Managed to root this yesterday evening… argh!!

The actual foothold isn’t hard once you get the right path. Root is very simple once you do your standard parts. Be careful to not go too far down the route of breaking ha… i mean hearts… that’s only going to cause you pain later.