Official Shibboleth Discussion

Official discussion thread for Shibboleth. Please do not post any spoilers or big hints.

1 Like

Alright alright, I’ve been on the machine for a few hours, I might have a idea but I’m not sure how to exploit it, may I have a hint please ?

didnt really get the time to play around… got possible path to fh… exploits are also there… but seems like nothing really hits the right spot. Will play around later though!

google is your best friend for the foothold - search for the service that you have found and look at the website for another acronym

##BF#pumkin## pass

[details=“Summary”] :wink:
This text will be hidden

Finally rooted. Very nice box. Learned 2 new things. DM on discord if you need a hand kavigihan#8518

1 Like

Nice machine, good enumeration is key for foothold, be precise with your scans. Had a lot of fun and learned new stuff. Thx to the creator

This is a fun box. It took me a while to realise the entry point but largely because I was overfocussed on the first enumeration. When the penny dropped and I checked a different protocol it worked well.

Rooted. This was a great box! Learned a few new tricks. Great way to relax from the harder boxes.

My hints are no different than anyone else’s:

  1. Foothold - Enumerate! Pay close attention to your scans. When it doesn’t show, scan it again.
  2. User - Look at the services shown by NMAP, one of them will give you the keys to get in the door. Once inside, poke around and see what you can do to make the system do things for you. It helps to review the service documentation.
  3. Basic enum and privesc techniques along with a (pretty cool) vulnerability for an application running on the box. It may not stick out, but pay attention and don’t overthink it.

PM for nuggz.

Really nice box.
RCE: enum till you find something odd, once you find that, google will lead you to RCE.
User: this one is really simple, try with whatever you find on your way to RCE.
Root: something is vulnerable for that you will need a way to access it.
If you still need help. Discord:- luckythandel#6053

and Rooted ^^
nice easy one, for a change!
PM if stucked


Rooted, that box was oddly easy for me. Progress, finally?

For those who still struggle to get a foothold on the box, double check your scans. I lost quite some time because my first scan didn’t show me the results needed to go further.

Apart from that, cool box !

Rooted. Getting to root was pretty cool and something i hadn’t done before.

Thanks for another box!

I rooted this box, but I think did it unintended. Can someone that’s rooted this machine please msg me? I’d love to compare notes to see what I might’ve missed.


I managed to get both user and root flags. But can’t submit them as they say they are wrong. I tried two different days and re-done everything from scratch.

I tried to submit both with and without HTB{} format, they always say it’s wrong.

finally rooted.
I have faced to issue: privesc doesn’t work before I restart the box. I have no idea how I can affected the system with my enumeration but it happened. Bear in mind if nothing works.

I have to admit, that this one was quite hard for me. Lots of tiny details do pay attention to. TIP for foothold: restart machine, if you are stuck. It is very easy to destroy some very important data by mistake while searching for stuff

I found relatively easily the intended foothold but stuck where to login for several hours… All of these because I misspelled the “shibolleth” when fuzzing :roll_eyes:
Use what you have and get a shell then login
It was nice, a refurbished old method, new to my arsenal in such way. The usual script won’t find it.

I am so frustrated! I am getting the reverse shell but it lasts for 2 seconds and the connection closes! I have tried different payloads and it’s all the same. … Does anyone have the same issue? Any suggestions? :axe: discord name: Helloer#5645 for help