Official Sightless Discussion

help me with root please :smiling_face_with_tear: :smiling_face_with_tear:

I have the reverse shell and I have the password of the user but I can't find the location of the user flag.
any hints would be appreciated

yeah, it was a hosts issue, resolved it after quite a while

Please, I tried everything but can't read root.txt

you are trapped, try to get out. maybe there is some info or something on the shadows to go to the main lobby

Can anyone do the privilege escalation from Michael to john so I can read root.txt? That is what has me stuck on getting root, because Michael does not have sudo privileges… Any help on that point? I hacked Froxlor but got stuck because Michael has no sudo.

Definitely an interesting box.

User: this was pretty easy, use Google, and then for “privesc” you don’t need a script just think that’s the first thing you look for.

Root: Weirdly, I could not get the exploit for which this box is named to work. But you don’t need to. Ask yourself: What is it you actually want and where is it? Treat it like an LFI instead. Cheating, perhaps? But it works.

1 Like

Look around Froxlor carefully, reach through each tab. Then remember what nmap said.

1 Like

“resolved it after quite a while”? For me the error message still exists. Pretty depressing if this isn’t fixed soon…

There isn’t a problem with the machine, try editing the /etc/hosts file

someone put root.txt in user’s home directory lol

I am receiving the error below after I port forwarded Froxlor to my localhost.
Can anyone help with this?

Domain not configured

This domain requires configuration via the froxlor server management panel, as it is currently not assigned to any customer.

Please ask your provider/hoster if you have any questions.

I have the same problem. Did you find a solution?

a hint to connect to the f**** panel?

I have reached Froxlor and got stuck. I would appreciate any hints or advice to continue and log in to the form.

When I open localhost:***, why am I getting localhost:****/notice.html and not the login page like I see on the localhost CTF machine? Does anyone know?

Couple of options:

  1. Update your /etc/hosts file with the new domain
  2. Create an intercept/replace rule in Burp to change the Host: header to the new domain

I’m not sure I solved root the intended way. Was 2FA required? Because that’s what I needed to complete the box. If not, can someone DM me how they did it?

Got it eventually. The user flag was nice and straightforward but I admit I needed some help on the 2nd part of the root flag after getting to the 2nd subdomain. Some may find it easier than me but I had a really rough time!

PSA: if you get to the end, after restarting, it may take about 3-5 minutes to see some changes!