Official OpenSource Discussion

I found a way to get a reverse shell and I’m inside the container with root permissions. Clearly there is nothing here and by doing an ARP you can see that there is a 172.17.0.1 reachable in the network. In fact, by pinging you can reach it.

I would say that it is necessary to do some pivoting, but I really don’t know where to start. The problem for me is: is there something that makes me understand how I should move for pivoting?

I have tried to connect via SSH, but there is no SSH; I have tried several things and it tells me it does not find them. I am totally stuck in pivoting. I found the credentials in the code, but for now I still don’t know where to use them.

I’m trying with Chisel, but when I run the command I get “./chisel not found”.

Can someone give me a hint?

chisel github releases → amd64
If the newest does not work, try an older one.

I just don’t understand why using the source code doesn’t work but the already built version works…

Go is platform-independent; you can build it for many platforms.
Only for development do you need Go to be installed.
It is translated to C++ if I remember right.

That is one reason Go is so good.

It’s not a script language.
It’s compiled to C.


thank you so fucking much!

Try the Meterpreter SOCKS proxy.

You can do a few things from here:

Try using chmod to make sure the program has execute permissions,
or you can try my suggestion in a previous comment to use the socks4a proxy in Meterpreter as an alternative to Chisel.


I built it with Go for 32-bit systems and it works for me.

“GOOS=linux GOARCH=386 go build”

It was so annoying, and I felt like it was there just to mess with you.

Overall an easy box.


I’m facing a new problem. I thought I had reached root, but even though the machine says “uid=0(root)”, it looks like I’m not root…

I even ran “whoami” and it says “root”. Am I using the wrong exploit? It looks like even if it says root, I have no permissions.

EDIT: Found another way to get the root flag.

Finally, finally rooted. Hardest easy box I’ve done yet.

Rabbit holes I spent far too long in:

  • reversing pin
  • reading/writing to/from sockets
  • communicating with dbus
  • all manner of gtfobins
  • starting a local gitea instance
  • docker escapes

After RCE I got a Meterpreter session running. From Meterpreter I used autoroute → use socks proxy → then set up proxychains on your system. FoxyProxy + proxychains worked nicely from there on…


I have r***** s***, and have spent a full day trying to generate the p** for /c****** . I must have checked my work over 10 times; I am certain the variables I entered to get the p** are correct. I’ve used this exploit in other CTFs and have had no trouble with it. Anyone know why the p** generation isn’t working? Did it work for anyone else? If so, did you do something unusual to make it work?

Way too much going on to classify as easy, but maybe that’s just my frustration speaking.
Pro tip: enable hidden files in GNOME Files…
Proud to get past the template and onto Docker, and even prouder to get the p**** working after spending hours grinding away at netcat HTTPing. Spent too much time on root; had to cut my losses today. Feels like cheating; I wish there were a way to purge points off my profile. Oh well, on to the next one.

Hey Gang,

Having some trouble trying to run commands through L**. Able to traverse to the /e**/p***** and /e**/s***** files, and can also get binaries, but unsure where to go from there. Have the creds from the g** download as well, so just trying to figure out next steps. Anyone I can DM?


Hey, I am also stuck at the same point. Got all the information to generate the PIN using L**, but the PIN generated is incorrect. Can someone please help me with this?

What is the format to submit the flag? Mine just always says incorrect.

Struggling on this one. Able to get the LFI in order to read from the container, but honestly not sure where to go from here now. Tried uploading some files to overwrite others on the container’s filesystem, but wasn’t having much luck. Found the hidden directory in the downloaded source zip, but didn’t really see what to take away from that other than understanding the LFI. Not sure how to get the PIN either after reading some past write-ups, as I couldn’t determine the machine-id for some reason… Feel free to DM me with some direction on ideas for how to continue! Thanks!

Did anyone manage to get the PIN? I am using the GitHub script but it keeps generating the wrong PIN.
I’m not sure whether I am using the right user and path.

Please DM me for help!!

Thanks

Please redact if this is a spoiler. For me this machine was very hard, mostly because I forgot to do one important step, which is to enumerate completely (so for a good or advanced pentester it will be easy, because they are seasoned pros). Going down rabbit holes obviously made my time shoot way up, but if I had just spent more time reading, rereading, and rereading again what is present, I would not have wasted so much time on the rabbit holes.

Finally rooted… HTB needs to rethink how they rank the difficulty of their machines; this was stupidly hard for an “easy” machine.
But a very nice box, credit to the creator!
