Official Seventeen Discussion

Official discussion thread for Seventeen. Please do not post any spoilers or big hints.

Can anyone help with a nudge for foothold? I’ve found the initial creds and am able to login to a service. But the endpoints on the service don’t seem to work beyond the basic page. Am I going down a rabbit hole?

Can someone give hint on where do i find user.txt?

Have you got she**?

Yea Im at geting root right now

Any nudge for root? I know I need to publish something to v********, but can’t get creds for it

hey i am new can anyone guide me what to do
i

I use sqli in s***** m******* on release machine and work fine, but now doesnt work ;(

Man, this box is starting to really annoy me. Got an initial shell but then if I try the exact same method again I’ll get forbidden errors on the shell… Changing the file extension and it loads just fine but doesn’t execute. Quite annoying

2 Likes

Hey someone can help me a little bit? Im stuck to get the first shell :frowning:

1 Like

need first step please help

i get user flag if anyone need help send me a message :stuck_out_tongue:

Is there anyone who has an hint on how to get from m*** to k*** for root? I tried to enumerate using the usual tools but nothing seems viable for lateral movement. Am I missing something?

Could someone DM me a nudge for getting from m*** to k*** user?
I’m kinda stuck at this point and don’t know what to do :melting_face:

I don’t understand. Stuck on root. Is this supposed to be Log4j exploit? Startup script itself is not exploitable>:-(.

Can anybody give me a little nudge ?

I have discovered the second DN* the em.se****.htb, I also know there is /v—r
directory but I can’t acces it, I can’t access any directory that I got from gobuster/dirbuster all I am getting are 404 errors or access denied.
I have also discovered the ./?p*****, but I have no idea how to go further

For those attempting to go from m*** to k***, (@HackSh00t, @CtrLC94 and others), take a close look at DB credentials on Node modules on m***. Same idea, different place. :upside_down_face:

I’ve been searching in the app node modules already and got nothing. The only place that I’m missing is the module that can’t be accessed. Are those creds hidden in a completely different place?