Official OpenSource Discussion

Lol, needed files for calculation return an empty string through the LFI, this is the path I have been taking…

Rooted, finally.
Took a lot more time than usual with “harder” machines. I think it’s underrated 🙂
Anyway, here are my tips:

Foothold
Enumerate every port. Try to “extract” hidden things from file you’ve downloaded. That L** vulnerability is also useful in another place, maybe there’s a chance to edit application code?
User
Pivoting. This took me a ridiculous amount of time, didn’t think of one, the most popular tool I guess. One thing that was not available now is.
Root
Try to look at processes run by root, one of them is suspicious.

2 Likes

I had a similar issue but only when I wanted to script the process. What if you try to exploit the LFI through other tools?

Hey everyone. I thought I’d throw some tips for this box.

Foothold: Reading is great, but not as great as writing your own software in my opinion! Also, code management software often has a lot of SECRETS to explore.

User: When one is in a bad place, it’s tempting to try to escape. I would instead try to leverage your position and simply pivot to a better heading instead. Maybe something you enumerated early on might now be accessible???

Root: Pay close attention to recently changed files and what’s running on the system. GTFOBins is always your friend.

Take care.

1 Like

Hello, how are you all. Someone who can give me a very small hand xd. Apparently with the file load, I achieve something that looks like a reverse shell, but I achieve this by modifying a file which causes the machine to crash until it is restarted and I cannot start it again, only by restarting.

1 Like

Do you have any tips for foothold? I’m in the exact same boat as you with coding skills.

I do actually recommend Codecademy. I bought the pro version and it’s awesome to use in tandem with HTB. You can learn Python and JS, which help in web hacking.

Can anyone please DM me on foothold? I have everything right and it is just not working. I truly just do not understand why this is even vulnerable. I can walk through everything I have done, it’s just not clear to me.

😆 😆 😆 Welcome to HTB!
Sometimes it p*sses me off to not be able to do an easy box.
After more than 2 days of working on it I finally managed to get the user flag.

Finally rooted after a few false starts.

I gotta say, this is one of my least favorite boxes recently. Really should have been rated a medium and the instability related to getting foothold was quite frustrating.

Plenty of hints already so I’m not going to provide any of my own.

Feel free to reach out with questions, but let me know what you’ve already tried. Good luck!

7 Likes

Hmmm, I built my own, maybe there is the problem. Will check tomorrow with some automated tools for this case.

I found a L** but what should I do next? Can someone help me?

1 Like

Fun box. A very recent CVE related to the hidden port’s software made me go down a rabbit hole for a while, but overall a fun box!

There are plenty of hints already, but you can PM me for a nudge.

Just got root finally! A quick hint if you get stuck on it, if you’re only using tools that take a snapshot of what’s happening on the system when you run the command, you might miss some of the important stuff that isn’t happening right then.

Rooted!!! Fun machine.

I use chisel for that. chisel + proxychains

I keep crashing the machine before I can input the P**, can somebody explain to me why? I am just modifying the u****.py file to give me a R******* S*****, thanks for any hint.

upload / change content disposition v***.py change the v***.py add cmd
after that rev shell

Stuck on getting user on the docker. I found the open port, what can I do with that?

You will see something interesting in the files you downloaded from u****d.
After finding it in the files you unzipped, you will have an idea what to do with the port you found.

I think I am too noob to understand what’s interesting in the .*** or other parts of the download, could you explain it to me in PM?