Official Sightless Discussion

Any hint for root? I managed to access the a*****.sightless.htb subdomain and I also found a hash related to F… service.
Is this the right way? Offline cracking takes too much time…

Thanks

1 Like

To get the user flag, you should use Hashcat and hashes you might find.

For the root flag, I’d be happy to know: should I “wait” for Hashcat to get the right match for that hash?

Done through an SSH tunnel (-L); also tried match and replace on the Host header with Burp.

help pls

2 Likes

I’m stuck with the tunnel (-L)… can’t seem to see it 🙂 any hint please

Need one help: I am unable to access sqlpad.sightless.htb but can access the sightless.htb website

1 Like

Don’t forget to add the address to your hosts file ;)

dynamic tunnels worked for me after putting in hosts

I did add it, but like this:

sightless.htb

Just insert a tab after that and type the second one with the subdomain, and it will be OK.

This was an interesting box, more on the medium side.
The very last twist, oh boy, was banging my head for a bit there.
If anyone needs help, DM me.

1 Like

This match and replace rule fixed it, if anyone needs it.

2 Likes

Hi, I got into root but I can’t find the flag. Can anyone reveal a hint?

In /etc/hosts add 127.0.0.1 localhost admin.sightless.htb

Then we can do something like
ssh -L 8080:admin.sightless.htb:8080 <user>@sightless.htb

This worked for me; I am not sure whether it is the right way of doing it or not.

Also change the forwarded port 8080 to something else, or else Burp Suite will cause issues, you know why …

6 Likes

Really struggling to find a way past a step after the pass I retrieved from the first foothold. Tried what I found so far in what’s been identified by nmap - how can I continue to make progress?

I love a box that blocks me after trying stuff forcing a reset, chrome is so fun!

3 Likes

Nvm - turns out I didn’t copy all of a line of text I found earlier. That got me another finding!

same, ideas?

Thanks! Now I just gotta find those hashes 🤣

1 Like

Any tips for root (from m***** user to root)? Linpeas shows a potential path for privilege escalation, but I don’t fully understand how to use it.

1 Like

Search for CVEs