Official Overflow Discussion

Official discussion thread for Overflow. Please do not post any spoilers or big hints.

Just breaking the ice on this forum despite being stuck at the beginning :upside_down_face: :slightly_smiling_face:

1 Like

I am www-data. Now I’m stuck in the privilege escalation. Any advices !?

how did you end up getting past the login page? i’ve tested the vuln listed at the bottom of the blog page, but to no luck

Around 12 hours to get user.txt…
Making a break before hitting the last part!

First blood in 1h30 @xct ?!! Well done mate!! I’d love to ask you a question if you don’t mind?

Amazing box from start to finish, thanks a lot @Xclow3n :smiley:

You can PM me if you need help.

I’m on the last part before root…bypassed the enc. But, confused on what exactly we have to do now if the files we are trying to access are not accessible (if that makes sense).

The fact that folks just flew through this blows my mind.

… and rooted!
Wooo, I think that the box I spent the most time on :wink: … and …
… sadly (but that’s also learning), the one I had to ask several hints to get it over with!
Was happy to find foothold and both laterals … But I could never have made root without your help @camk ! Thanks a lot !
@walk → no it’s your turn to get root ^^
@Xclow3n → your box was great, thanks a lot

PM if stucked, after so many days, I now have a pretty good understanding of the box lool :wink:

2 Likes

My dude!!! Good job buddy!

1 Like

Finally rooted! This was a beast. Thanks @clure for nudging me through that very last part buddy. Thought i was messing up when the method actually worked out in the end. PM is open if anyone needs help with this box.

Overall, this was a frustrating box ( in a good way ). Learned a lot more about BE and a bunch of other goodies :wink:

Rooted! This was such a fun box. Quite challenging, as it was my first hard box, but absolutely enjoyable. I learned quite a lot and could use the things I learned on the binary exploitation track on HTB Academy.

Hi, can someone give me a hint to foothold, please? I can get admin cookie that reveals a link to cms, but couldn’t find any valid credential to login.

PM me if you want

Who can give me a nudge on the final step to root? It seems that I have everything set up but the file I want to manipulate is not changing…

Edit: I’ve rooted it eventually!

Great machine, learned a lot from it. Thanks @Xclow3n for this amazing machine, it was very educational.

Interesting machine. Thank you @Xclow3n !

FOOTHOLD : many distractions but one classic vuln for databases. Cracking is needed and don’t forget salt.

USER : a process is running as user. Simple to understand what is the purpose.

ROOT : a process running as root to debug.

1 Like