is there any file clean up running? my shell file disappears in minutes, not able to keep a stable shell
Automated cleanup is pretty common on HTB to keep things fair and fun for other players. Perhaps you could use your initial shell to quickly pivot to a more persistent, stable shell?
I merely have 15 seconds honestly ā¦ thatās goes by in switching windows itself
I merely have 15 seconds honestly ā¦ thatās goes by in switching windows itself
Thatās plenty of timeā¦ You can always automate the process with a script (or even Burp Repeater), but it shouldnāt be necessary. Just make sure you have everything you need in place and ready when you upload.
Iām stuck on the rev shell. I went fishing, which led me to the creds that I needed to get FTP access, but nothing sticks out for getting the first rev shell. A nudge would be very helpful!
Iām stuck on the rev shell. I went fishing, which led me to the creds that I needed to get FTP access, but nothing sticks out for getting the first rev shell. A nudge would be very helpful!
I am stuck at this fishing part. From the page I found tons of addresses but I dont know how to proceed. Any nudge on this?
If you have access via that port, you can upload and download. One of the folders should relate to a site youāve found. You may discover that you can put data there.
I feel like there are too many problems with this machine. First of all a number of people have already reported port 80 being down or only returning 504ās, then it being magically resolved 20 minutes later.
With the |phishing| I spent hours tweaking my script but I got no hits, only after resetting the box 2 times did it magically start to work (I wasnāt sure if the previous reset wen through)
Right now, I canāt continue with the box because the main nginx server is returnign 500 errors again, and the box is out of resets.
I feel like there are too many problems with this machine. First of all a number of people have already reported port 80 being down or only returning 504ās, then it being magically resolved 20 minutes later.
I never encountered problems on this box. It might be a problem with something people are doing recently.
It if resolves itself rather than being reset, that sounds like a service being recovered rather than magicā¦
With the |phishing| I spent hours tweaking my script but I got no hits, only after resetting the box 2 times did it magically start to work (I wasnāt sure if the previous reset wen through)
It seems likely that the first reset was cancelled by someone. Looking at the shoutbox, people are getting user & root on this box so it must be working for some people.
Right now, I canāt continue with the box because the main nginx server is returnign 500 errors again, and the box is out of resets.
If it is on the free server, then the next person who is struggling with is likely to reset it for you.
If you find lots of problems, it really is worth reporting it to HTB via a JIRA ticket. Then at least they can look into any problems, especially if it is something like a build issue which isnāt being fixed by resets.
However, bear in mind, if people are working on the box, they might be doing things which are causing issues - even if it makes no sense. Never underestimate the strange things people will try and the impact that can have on services and processes.
Could someone please kindly offer some advice in a PM? I have hooked one set of credentials and was able to use this to log in to one service on one port but Iām stuck from there. Thanks in advance
Update: Thanks @Levitating for the DM and @TazWake for the reply. Iāve progressed to the next step
Could someone please kindly offer some advice in a PM? I have hooked one set of credentials and was able to use this to log in to one service on one port but Iām stuck from there. Thanks in advance
On that service is there anything which looks like it relates to the place where you got the emails you used to get the credentials?
If so, remember that service works in two directions.