Official Seventeen Discussion

Official discussion thread for Seventeen. Please do not post any spoilers or big hints.

1 Like

Can anyone help with a nudge for foothold? I’ve found the initial creds and am able to login to a service. But the endpoints on the service don’t seem to work beyond the basic page. Am I going down a rabbit hole?

Can someone give hint on where do i find user.txt?

Have you got she**?

Yea Im at geting root right now

Any nudge for root? I know I need to publish something to v********, but can’t get creds for it

hey i am new can anyone guide me what to do

I use sqli in s***** m******* on release machine and work fine, but now doesnt work ;(

Man, this box is starting to really annoy me. Got an initial shell but then if I try the exact same method again I’ll get forbidden errors on the shell… Changing the file extension and it loads just fine but doesn’t execute. Quite annoying


Hey someone can help me a little bit? Im stuck to get the first shell :frowning:

1 Like

need first step please help

i get user flag if anyone need help send me a message :stuck_out_tongue:

Is there anyone who has an hint on how to get from m*** to k*** for root? I tried to enumerate using the usual tools but nothing seems viable for lateral movement. Am I missing something?

Could someone DM me a nudge for getting from m*** to k*** user?
I’m kinda stuck at this point and don’t know what to do :melting_face:

I don’t understand. Stuck on root. Is this supposed to be Log4j exploit? Startup script itself is not exploitable>:-(.

Can anybody give me a little nudge ?

I have discovered the second DN* the****.htb, I also know there is /v—r
directory but I can’t acces it, I can’t access any directory that I got from gobuster/dirbuster all I am getting are 404 errors or access denied.
I have also discovered the ./?p*****, but I have no idea how to go further

For those attempting to go from m*** to k***, (@HackSh00t, @CtrLC94 and others), take a close look at DB credentials on Node modules on m***. Same idea, different place. :upside_down_face:

I’ve been searching in the app node modules already and got nothing. The only place that I’m missing is the module that can’t be accessed. Are those creds hidden in a completely different place?

Hello Mates!!
Is there anyone got root? I reached to the last k__i user and got what to look for LPE but everything seems dead end. Please DM… It has been 1 week stuck on this point.

same. so close to having root. Pretty frustering