Rooted. Wouldn’t mind having a chat with someone who got user without any hint / without reading the forum here.
There’s a specific detail that I really only got by a random guess based on what someone said here. I’d like to know how I should have figured it out the “proper” way so I can learn something.
Others may disagree, but here’s my opinion.
The specific part you are talking about is somewhat artificial. Although in principle the way you “discover”, “guess” or “modify” that type of data is a common style of attack, in this specific case you’ll only see it work that way in a (partly) CTF-style box such as this one.
That being said, the learning experience of figuring it out is a valuable one if your goal is to learn and practice the tools and techniques of web pentesting.
I can get a shell, but I get disconnected after a few seconds. I tried a few things to work around that but have been unsuccessful so far. If someone has a few tricks to share, that’d be cool.
Edit : I was trying to get a shell on port 9001 and kept being disconnected. I changed it to port 1234 and now it works like a charm.
Man. This thing has been rough. I finally managed to get to user, but now I’m struggling to find a way to root. Any tips on how to better enumerate this type of box?
If anyone could drop me a message I am stuck on the foothold, done a lot of enum and tried changing things to get access to things. Will give more info over PM. Would be very much appreciated, thanks!
Finally rooted. In retrospect, is this box easy? Yes, it is. There’s no crazy concept, no binary exploitation madness or 32-line commands with a million options that you need to put in order so your computer doesn’t crash, but… It’s really different from what’s usual on HTB.
Anyway, thanks @polarbearer !
Oh and big thanks to @cool4coder who assisted me along the way
I learned a lot on this one. Thanks @polarbearer! A hint for root: pay attention to file types. As always, PM me for hints or discussion. Helping others learn helps me learn.
I can’t seem to get anywhere on this box. Ran nmap and found a few ports. I also ran gobuster. Not seeing anything other than the login prompt. Can I get a hint or a nudge?
Hi all. I’ve been running dirbuster, and it’s picking up a bunch (20+ so far) subdirectories from other directories. Am I going down a rabbit hole here letting it continue? Some of the items look interesting.
Are you sure that dirbuster found something? Check the response codes.
Ok so I have come across a page that tells me to use a command to provide some information. But I’m having trouble trying to get the command to work. A nudge by you more experienced folks would be appreciated!