Type your comment> @ori0nx3 said:
Type your comment> @nitinrkz said:
is there any file clean up running? my shell file disappears in minutes, not able to keep a stable shell
Automated cleanup is pretty common on HTB to keep things fair and fun for other players. Perhaps you could use your initial shell to quickly pivot to a more persistent, stable shell?
I merely have 15 seconds honestly ā¦ thatās goes by in switching windows itself 
Type your comment> @nitinrkz said:
I merely have 15 seconds honestly ā¦ thatās goes by in switching windows itself
Thatās plenty of timeā¦ You can always automate the process with a script (or even Burp Repeater), but it shouldnāt be necessary. Just make sure you have everything you need in place and ready when you upload.
Can someone PM me a hint for foothold? i have tried sending a phishing email but nothing came back.
@SirFIS said:
Can someone PM me a hint for foothold? i have tried sending a phishing email but nothing came back.
Look carefully at how you constructed this.
User was ā ā ā ā for me. Root took 10 seconds. Dm for nudge.
I liked this box, but Iām partial to python. User was a bit of a challenge. Root was straightforward. I always like using python. Thanks!
Iām stuck on the rev shell. I went fishing, which led me to the creds that I needed to get FTP access, but nothing sticks out for getting the first rev shell. A nudge would be very helpful!
Type your comment> @DaFoster922 said:
Iām stuck on the rev shell. I went fishing, which led me to the creds that I needed to get FTP access, but nothing sticks out for getting the first rev shell. A nudge would be very helpful!
I am stuck at this fishing part. From the page I found tons of addresses but I dont know how to proceed. Any nudge on this?
@htbuser01 said:
I am stuck at this fishing part. From the page I found tons of addresses but I dont know how to proceed. Any nudge on this?
Find out how to send an email to all those addresses with a link back to your machine, so that you can see when one of the users reactā¦
F I N A L L Y made it. This is the longest way to user I ever had to make. Therefore root is more that straightforwardā¦
@DaFoster922 said:
A nudge would be very helpful!
If you have access via that port, you can upload and download. One of the folders should relate to a site youāve found. You may discover that you can put data there.
hi i feel the port 80 is down , i reset the machine and still i dont see anything on port 80, is something wrong with the machine
@nigamelastic said:
hi i feel the port 80 is down , i reset the machine and still i dont see anything on port 80, is something wrong with the machine
If port 80 should be open and it isnāt then, probably, something is wrong with the machine.
If it is a very recent reset, it might just need a couple of extra minutes before the service fully starts up.
I feel like there are too many problems with this machine. First of all a number of people have already reported port 80 being down or only returning 504ās, then it being magically resolved 20 minutes later.
With the |phishing| I spent hours tweaking my script but I got no hits, only after resetting the box 2 times did it magically start to work (I wasnāt sure if the previous reset wen through)
Right now, I canāt continue with the box because the main nginx server is returnign 500 errors again, and the box is out of resets.
@Levitating said:
I feel like there are too many problems with this machine. First of all a number of people have already reported port 80 being down or only returning 504ās, then it being magically resolved 20 minutes later.
I never encountered problems on this box. It might be a problem with something people are doing recently.
It if resolves itself rather than being reset, that sounds like a service being recovered rather than magicā¦
With the |phishing| I spent hours tweaking my script but I got no hits, only after resetting the box 2 times did it magically start to work (I wasnāt sure if the previous reset wen through)
It seems likely that the first reset was cancelled by someone. Looking at the shoutbox, people are getting user & root on this box so it must be working for some people.
Right now, I canāt continue with the box because the main nginx server is returnign 500 errors again, and the box is out of resets.
If it is on the free server, then the next person who is struggling with is likely to reset it for you.
If you find lots of problems, it really is worth reporting it to HTB via a JIRA ticket. Then at least they can look into any problems, especially if it is something like a build issue which isnāt being fixed by resets.
However, bear in mind, if people are working on the box, they might be doing things which are causing issues - even if it makes no sense. Never underestimate the strange things people will try and the impact that can have on services and processes.
Could someone please kindly offer some advice in a PM? I have hooked one set of credentials and was able to use this to log in to one service on one port but Iām stuck from there. Thanks in advance 
Update: Thanks @Levitating for the DM and @TazWake for the reply. Iāve progressed to the next step
@emilkloeden said:
Could someone please kindly offer some advice in a PM? I have hooked one set of credentials and was able to use this to log in to one service on one port but Iām stuck from there. Thanks in advance
On that service is there anything which looks like it relates to the place where you got the emails you used to get the credentials?
If so, remember that service works in two directions.
The mechanism to receive a message on port 80 is an absolute mystery to me. Please, can someone enlighten me on this subject?
@blueteam said:
The mechanism to receive a message on port 80 is an absolute mystery to me. Please, can someone enlighten me on this subject?
Well, I am not sure what this is actually asking - do you mean how HTTP traffic works over IP?
Type your comment> @TazWake said:
@blueteam said:
The mechanism to receive a message on port 80 is an absolute mystery to me. Please, can someone enlighten me on this subject?
Well, I am not sure what this is actually asking - do you mean how HTTP traffic works over IP?
Forget I asked TazWake. Iāll ask someone else via DM.
