Very stuck on the package step, any help would be greatly appreciated.
Especially links to documentation on the “exploit”. I mostly just don’t understand the concept and I can’t find anything about it.
@ToxicBiohazard said:
I need nudge
Look for open ports and exploit them.
Rooted! That box was a roller coaster but I learned a lot. Thanks to @TazWake for working with me on the user step.
Foothold: At first, this really pissed me off. I had no idea they would try something like this on a CTF box and wasn’t expecting it. Looking back at it I like it, brings a real-world technique in as best as possible.
User: This was incredibly painful, but in the end I learned a lot and it was a good experience working with this service.
Root: Took me less than a minute. It’s very, very obvious.
If you need any hints feel free to DM me!
Type your comment> @TazWake said:
@0xR3tr0z said:
I’ve managed to login successfully in ftp but I am getting a ‘425 failed to establish connection’ error. I’ve reset the box a couple of times but I still get the same error. Very weird because 1-2 days ago I logged into ftp with the same creds and it would respond to my commands. Any ideas on how to troubleshoot this?
Often that means a firewall is in the way or something similar. Do you get a 200 immediately before it?
I can login but when I try to execute a command like ‘ls’, first it gives me a
‘200 PORT command successful. Consider using PASV.’ response
but then it takes too long to respond and then gives me a
‘425 Failed to establish connection.’ error.
@0xR3tr0z said:
I can login but when I try to execute a command like ‘ls’, first it gives me a
‘200 PORT command successful. Consider using PASV.’ response
but then it takes too long to respond and then gives me a
‘425 Failed to establish connection.’ error.
Is this any help?
Type your comment> @TazWake said:
@0xR3tr0z said:
I can login but when I try to execute a command like ‘ls’, first it gives me a
‘200 PORT command successful. Consider using PASV.’ response
but then it takes too long to respond and then gives me a
‘425 Failed to establish connection.’ error.Is this any help?
Thanks that worked.
I am not able to get ************ domain. Any hint for that. I tried several times. but no luck…
stucked…
@encroachdcs said:
I am not able to get ************ domain. Any hint for that. I tried several times. but no luck…
stucked…
Have you added it to your hosts file?
It was a really interesting machine!
Discovered new tools, techniques and how p**** pack**** work!
However, the foothold was unexpected. Maybe a bit of guessing?
The BIG CLUE for you would be to think as if there was a real victim using the machine.
Feel free to PM me for nudges!
I’m a bit lost. I got into f*p and uploaded a simple php hello world file to test but keep getting 404 even after fixing permissions. I guess we are on another sub-domain or something, but not sure. I tried the obvious *** based on the folder name. Is there a clue lying around somewhere?
@burgers said:
I’m a bit lost. I got into f*p and uploaded a simple php hello world file to test but keep getting 404 even after fixing permissions. I guess we are on another sub-domain or something, but not sure. I tried the obvious *** based on the folder name. Is there a clue lying around somewhere?
Double-check how you checked the obvious. Interestingly I found the emails on it in the first place.
Type your comment> @TazWake said:
@burgers said:
I’m a bit lost. I got into f*p and uploaded a simple php hello world file to test but keep getting 404 even after fixing permissions. I guess we are on another sub-domain or something, but not sure. I tried the obvious *** based on the folder name. Is there a clue lying around somewhere?
Double-check how you checked the obvious. Interestingly I found the emails on it in the first place.
I understand you can’t be specific but a PM would be great, still learning so I’m not sure if I’m totally unaware of something I should check 
I do have 2 sets of creds that I’ve used in 2 different services, and have tried reusing them elsewhere without luck yet. I know there’s a 3rd account that’ll run some stuff, but don’t seem to have a way to put it in the right place just yet and was thinking the PHP file is the way to get in.
@burgers said:
I understand you can’t be specific but a PM would be great, still learning so I’m not sure if I’m totally unaware of something I should check
Feel free to PM me but I won’t be able to reply until the morning (UTC+1) now.
guys does this machine over? since I am trying accessing the website http://sneakycorp.htb/ and it’s not opening…
any thing to do ?
@Dostora said:
guys does this machine over? since I am trying accessing the website http://sneakycorp.htb/ and it’s not opening…
When you say “it’s not opening” what does that mean? Your browser should be giving you some error message. This message will give you an idea what the issue is.
For example the difference between a server issue, a network issue and an issue at your end is only visible in the error messages.
any thing to do ?
At a guess, with nothing else to go on, I’d say it was probably down to the /etc/hosts entry not being set up.
Finally rooted, that was intense, but learn a lot of new things.
You can pm me for nuggets 
finally rooted
rooted. What a ride. PM open if you need a nudge or two…
Spoiler Removed