Official Overflow Discussion

system · October 23, 2021, 3:00pm

Official discussion thread for Overflow. Please do not post any spoilers or big hints.

walk · November 4, 2021, 9:18pm

Just breaking the ice on this forum despite being stuck at the beginning

0xidk · November 5, 2021, 10:06pm

I am www-data. Now I’m stuck in the privilege escalation. Any advices !?

walk · November 6, 2021, 10:04am

how did you end up getting past the login page? i’ve tested the vuln listed at the bottom of the blog page, but to no luck

clure · November 17, 2021, 12:31am

Around 12 hours to get user.txt…
Making a break before hitting the last part!

First blood in 1h30 @xct ?!! Well done mate!! I’d love to ask you a question if you don’t mind?

dragonista · November 20, 2021, 8:27am

Amazing box from start to finish, thanks a lot @Xclow3n

You can PM me if you need help.

walk · November 21, 2021, 5:58pm

I’m on the last part before root…bypassed the enc. But, confused on what exactly we have to do now if the files we are trying to access are not accessible (if that makes sense).

The fact that folks just flew through this blows my mind.

clure · November 23, 2021, 10:29am

… and rooted!
Wooo, I think that the box I spent the most time on … and …
… sadly (but that’s also learning), the one I had to ask several hints to get it over with!
Was happy to find foothold and both laterals … But I could never have made root without your help @camk ! Thanks a lot !
@walk → no it’s your turn to get root ^^
@Xclow3n → your box was great, thanks a lot

PM if stucked, after so many days, I now have a pretty good understanding of the box lool

walk · November 23, 2021, 10:31am

My dude!!! Good job buddy!

walk · November 23, 2021, 1:39pm

Finally rooted! This was a beast. Thanks @clure for nudging me through that very last part buddy. Thought i was messing up when the method actually worked out in the end. PM is open if anyone needs help with this box.

Overall, this was a frustrating box ( in a good way ). Learned a lot more about BE and a bunch of other goodies

iougiri · December 17, 2021, 12:06pm

Rooted! This was such a fun box. Quite challenging, as it was my first hard box, but absolutely enjoyable. I learned quite a lot and could use the things I learned on the binary exploitation track on HTB Academy.

j0rg3k · January 13, 2022, 7:48pm

Hi, can someone give me a hint to foothold, please? I can get admin cookie that reveals a link to cms, but couldn’t find any valid credential to login.

subtilis · February 3, 2022, 12:48am

PM me if you want

subtilis · February 3, 2022, 12:51am

Who can give me a nudge on the final step to root? It seems that I have everything set up but the file I want to manipulate is not changing…

Edit: I’ve rooted it eventually!

D00M5D4Y · February 13, 2022, 5:37pm

Great machine, learned a lot from it. Thanks @Xclow3n for this amazing machine, it was very educational.

dylvie · March 23, 2022, 5:22pm

Interesting machine. Thank you @Xclow3n !

FOOTHOLD : many distractions but one classic vuln for databases. Cracking is needed and don’t forget salt.

USER : a process is running as user. Simple to understand what is the purpose.

ROOT : a process running as root to debug.