Official Sink Discussion

Hi all! :smile: Would anybody who has done foothold already be willing to confirm whether or not the box is still working as intended?

I've tried quite a number of different requests, and have also received a nudge confirming that what I've been doing is more-or-less the right way, but sadly no luck so far.

The previous comment from @dragonista makes me think there might be an issue with the first step at the moment, but I can't be sure as I haven't yet made it past that point. :smile:

Edit: All good! The machine seems to be working correctly. :smile: I was doing something wrong.

Finding a link to understand how to create the correct c***** to exploit the h*** r****** s******** is not easy.

Rooted! I'm a newbie in HTB so this was my first challenge on an insane box. I was a bit worried about whether I could beat this box in my own way but managed to do that. I learned a lot of things, especially about how to use *** and *** (because I'm not an IT engineer) in the middle part and late part. The hardest for me was the very late part, because the system gave me an output which was not expected for me.

Foothold: Everyone already has a hint from the n*m* of this box. Even without that, you can easily detect a vulnerability on this box by googling.
User: Nothing to say
Root: You may need to fight with some docs if you are not familiar with *** like I was. In the very late part, if you can be a strong witch, the goal is in front of your eyes.

thanks @MrR3boot!!

I'm stuck at the foothold, can anyone give a nudge plz…

@Spectra199 Look at burp and figure out what response you're getting. The response and the nmap scan result combined should get you an exploit CVE idea online.

oh finally!
this is my first Insane… and yes it was a hard box
finally got the user after hard work.
Foothold: sometimes the server responds with unexpected behavior… and there will be your golden fish!
User: it's a real-life target, search in everything!
pm me for nudges!
thanks @ghostin8 for your help!
and @MrR3boot for this great box… keep it up! :wink:

Struggling to get the ha**** r****** s******** to work. I'd appreciate a nudge to help me identify where I'm going wrong…

@dragonista said:

Has something changed? I wanted to do the box again to try something different and I cannot reproduce the foothold. I know some cookies have been removed but it seems like the vuln I exploited perfectly a few weeks ago just isn't there anymore. I mean, I had saved the request, so I copied and pasted it, changed the cookies, and nothing happens.

Oopsie, it wasn't working so I put it aside and forgot about that box. I did it again just now and everything was fine. Not sure what happened as I just copied and pasted stuff from my notes. Sorry if some of you got confused!

I can't ssh to the box, idk what's wrong with it, ssh isn't supposed to work??

USER PWNED!!! Thanks @KRyptonZ for hints! PM me if you need nudge for user!
Now and f!ck!ng root pwned with my brain! Thanks for good machine @MrR3boot :3

When I try to get from the c*****, it doesn't always work, like 1 in 10, but it works from the n***. Also, when putting the payload together, my own text never shows up in either the c****** or the n***. Anyone know the reason? Thanks!

Finally rooted! My first insane box that I solved using the intended method! (Got lucky on Anubis when it first dropped). The foothold was honestly one of the most confusing parts, not super familiar with s**gli*g. Actually being on the machine I couldn't really find anything from enumeration scripts, but the source code of the repo tipped me off to a new command to learn and use! Lots of good stuff in there to take us to root! Great box, I had a lot of fun! Happy to help nudge others if needed, just PM me!
