Check the exploit in detail, make it understand how it works, you will get the shell.
Finally got root, ■■■ didn’t need port forwarding, just think about the most classic command to escalate
Hahaha, I’m with you, man
Finally got it down. It was easy when I took a step back to analyze. Message for nudges!
congrats, buddy
For initial access - I’m curious as to why the rev shell theme was already present on this box. Was the contact form that allowed a call back just a distraction? In real life, would this be a case of a dev leaving a back door?
Wondering the same thing: is this kinda a trap where it would be activated by a dev, or what’s the deal here?
This is a nightmare of a machine.
- The something which is hidden inside a theme, literally the theme? I would never have expected that unless I read all the comments on this discussion.
- The something says that it will upload and then it will execute something, but it does half the job, and I took its word for it that yeah, it must be doing what it says, but it’s not :')
- Rooting (priv esc) was much less pain than the first nmap scan to sqlmap the password field combined, ’cause I can’t get the foothold.
If you are feeling you can’t solve an easy machine without hints, you are not alone.
Maybe the “real” case will be that you find a rev shell that someone already added using that exploit. Because that rev shell is added using the exploit, it is not something for dev.
Maybe I’m just dumb, but what I’m not understanding is how the exploit is triggered. I can only assume that someone logging into the admin page can trigger it, either that or I’m drastically missing something.
EDIT: When the box is reset the page is already on the system… perhaps we’re supposed to leech off the page on the server?
Any nudge on getting root?
It is already there. HTB/Author missed validation or cleanup scripts. It should not have been there - that is why even if you reset the box, it will always be there.
HTB will patch this box once the season is over.
Hello you all,
I solved the box also. Pretty hard for the foothold.
How did you guys find the hashtype? I found it on this discussion but I can’t find a tool that works for me.
Thanks
XD
It’s really a hard one for me
hashid shows the correct hashtype, and then just grep from hashcat -h
Very easy one, indeed.
Once I got the software running it was smooth sailing
That was an unintentional way
There is a way to exploit, the rev shell was placed by mistake.