Official Love Discussion

HTB Content Machines
#177

Hi I don’t usually come over to the forums asking for help but I am completely stuck trying to find initial foothold I’ve found the service everyone is talking about via the nmap output I’ve tried enumerating the directories/files but most are forbidden. I also enumerated the ad**n directory using gob*r and I managed to read a file that showed a ver ID but I have nothing else and I’m completely stumped. If anybody has any good resources to read up on that will help me get through this blockage it would be much appreciated.

EDIT:
No worries I got some help from the discord I can’t believe that I was so close but forgot to use something from my n**p

#178

I found the box very finicky, so if what you think you are doing should work for root and it’s not, try a reboot, as after wasting a bunch of time, what I was doing worked the very first time after rebooting.

heh, I hesitate to mention this because I don’t want to lead anyone down a gopher hole, but I got user by changing stored info because I completely missed the easier intended method.

#179

Spent the whole night trying to get into it. Here are the hints

User: If you’re like me and looking into various services or injections, that’s not the way to go (or maybe it is an unintended way who knows). Scan thoroughly, go through the results with a fine comb, maybe even adjust the normal flags you’d use in your standard nmap scans.

Root: If you’re using our pride and join, metasploit, it’s pretty easy to do, you just gotta ELEVATE the privileges.

Fun box, loved it. If anyone is stuck please ping me, will reply in a few hours, have to go to sleep right now

#180

Fun box.

User: Use all you have in scans.

Root: With metasploit is very easy to exploit, enumeration key, as always

For any nudges DM.

#181

That was so nice after a long break from HTB! Easy and fun box, but it’s easy to get stuck on some rabbit holes. Feel free to send me a DM if you need a nudge

#182

Nice box! Learned a few things and got a lot better at using different tools.

Foothold

Do not get stuck in the rabbit hole that I did on the web piece. Return to your nmap scan and keep things simple. Make a simple config tweak and observe the new avenue you have opened! From here, enumerate until you find a way in. Found a new piece of functionality that you do not know how to leverage? Maybe it can be used differently from how you're thinking about it.

User

Fairly simple once you find a way in. Basic reverse shell work.

System

Far easier than user. My difficulty was in achieving a stable shell and finding a good way to read the output of the tool I used. This tool is extremely commonplace for Windows privilege escalation; you will know what it is. Simply read the output carefully and Google for an article that demonstrates how to use the exploit; it is very straightforward and takes little time at all to execute.

Please feel free to DM me for hints!

#183

The administrator is much easier than the user, even without any tools.

I got some hint on the user, and I’d like to know why? what’s in the scan tells you how to do what you should do on the initial foothold. Anyone to explain? (DM please to avoid any spoilers)

#184

Rooted, I really enjoyed this Easy box.

For foothold, if you know of this type of vulnerability you may have an easier time; if not, it’s a good learning opportunity and an opportunity to test creativeness. Shout out to Pentesterlab.com for the assist :wink:

#185

Rooted

I have a question, why i cant use mysql ? is there a sintax to check the db ? thanks if some one want help me.

#186

@NFire0111111 said:

Rooted

I have a question, why i cant use mysql ? is there a sintax to check the db ? thanks if some one want help me.

It depends what you mean about using MySQL. Was it running on this box?

#187

Hey i’m a bit stuck, can somebody PM me ?

#188

Rooted!
Very cool machine to make but I had some problems on w…s… and I needed to restart the machine a few times.
user you need to enumerate and keep an eye on the return of the ports you find.
root there are several ways to get scaling. I found the user more difficult than root.

If anyone needs help can give me a nudge pv.

Enraizada!
Maquina muito legal de se fazer porém tive alguns problemas na w…s… e precisei reiniciar a maquina algumas vezes.
user é preciso enumerar e ficar de olho no retorno das portas encontras.
root existem diversas formas de conseguir escalar. Achei o usuário mais dificil que o root.

Caso alguém precise de ajuda pode me dar uma cutucada pv.

#RecifePoxa!

#189

Rooted successfully, Easy box
Enumeration is a key.
DM for nudges

#190

could someone give foothold?

#191

got user and root. Strange machine lol :slight_smile:

#192

I am not getting the meterpreter reverse shell… it always dies cananyone tell why… without it I am unable to run local exploit suggestor

#193

Hi everyone,

I have a question regarding PE. It’s the second time (different boxes) I upload winpeas on the target, but “nothing happens” when I run it. I mean not exactly nothing, but my shell becomes unresponsive and I have to ctrl+c…
Do you have any idea why?! On the last box I tried with different versions (winPEASx86, winPEASx64, and winPEASany.exe).

Thank you and happy hacking!

#194

Having Trouble on Foot hold, if anyone has the time a DM would be amazing

#195

Help please,
I found the user’s flag on the Desktop directory, but when submitting it, there is an error of incorrect flag… seems weird.

#196

Question, when I locate where I need to go from Nmap, the server seems down? Any Help Would Be Appreciated