Rooted! Had some trouble cracking the hash for some reason but overall quite easy and fun.
Well, I found it much more comfortable writing a few lines of PHP code to check that hash against the most common wordlist instead of using one of the two most famous tools available.
At the end of the day, we have the salt from two different sources.
That said, everybody follows what he thinks is the best route according to his knowledge.
For some reason both tools kept failing to find the password, then I ran them on a different machine, same versions and same wordlist, and it just worked… I'm still wondering why
Definitely a fun box to work on.
Not much to add to what has been written before. It is pretty much all there if you need help.
PM me if you think you need help.
Man did I pack out laughing when I read that comment in the code.
Guess coz I still do ■■■■ like that… Not for production systems, rather for a quick hack to get a POC going.
Brilliantly funny.
I am trying to find the vulnerable file after I have logged in. I may have found the vector, but nothing I am trying is changing the result of the file. Can anyone assist me?
rooted, though I'm not gonna lie, that hash was a nuisance
This was a fun box, and not very CTF like in my opinion.
Overall it was pretty straightforward. Hit some bumps on the hash cracking (Pay attention to your syntax and wordlist), but other than that, it was pretty straightforward!
PM if you're stuck!
Does someone have problem with submitting flags?
I had root and both flags, but the HTB service doesn't accept these flags. Did someone have this problem?
i need help!
Yeah it happened for me too, idk why it's happening
How to get the hash of m**** user, any hint please.
Pls someone help me to learn how to continue…
I've got a web user and read all the code from backup, guessed to find where it is possible to inject, but it's 12 hours that I'm stuck here using burp, curl and trying to inject.
Please DM if you want to help me to learn
If you are looking for SQLi = wrong direction, take a look at something starting from e* in the source code. Hope this helps.
i was very stupid… forgot to "encode"
Finally rooted
Trying to get user, but each time I try to connect to *b it tells me Access Denied, and I'm using the right creds, any help?
EDIT: Never mind I was using the wrong password.
How come the login to the webapp is changing? I busted it but it's not working anymore. None of my wordlists is working for the login page now. What happened?
Ok, I finally got it… Machine is shared and someone (some of you guys!) is playing around with the webapp's credentials. Bruteforcing the login page wasn't the real way inside.
Please guys, don't do this as you are ruining the experience for others…