Hi, I tried that but I never get a response back to my machine. Does it require to include specific words in the subject to trigger or similar ? Maybe PM me for more details how I tried to do that.
No specific words as such as far as I am aware. Some trial & error may be needed.
I found it helped to remember this is a CTF, there isn’t a human you need to trick.
One other common thing: Remember to computers there is a significant difference between ldap://10.10.10.10/, smb://10.10.10.10/, http://10.10.10.10/ (etc) and simply 10.10.10.10.
Hi, I tried that but I never get a response back to my machine. Does it require to include specific words in the subject to trigger or similar ? Maybe PM me for more details how I tried to do that.
No specific words as such as far as I am aware. Some trial & error may be needed.
I found it helped to remember this is a CTF, there isn’t a human you need to trick.
One other common thing: Remember to computers there is a significant difference between ldap://10.10.10.10/, smb://10.10.10.10/, http://10.10.10.10/ (etc) and simply 10.10.10.10.
Thx for your response. I reset the machine and then it worked the way I tried before. Maybe the automatic handler had a glitch.
Read through this thread. Having trouble getting an initial shell after logging into f**. Am I missing something? It seems that I cannot really upload much and when I do it cannot be found… Tried brute forcing the other popular service but no dice. Any help is appreciated.
Read through this thread. Having trouble getting an initial shell after logging into f**. Am I missing something? It seems that I cannot really upload much
How much do you need to upload?
and when I do it cannot be found…
If you look at the folder names you should see how they relate to the pages you are looking at. The path should become apparent based on where you found the information you needed to get into the service we are talking about here.
Tried brute forcing the other popular service but no dice. Any help is appreciated.
In addition to getting a shell, it’s worth taking the information you have here and fuzzing to see if it gives you any new insights into things that might be served up.
Read through this thread. Having trouble getting an initial shell after logging into f**. Am I missing something? It seems that I cannot really upload much and when I do it cannot be found …
Well had some issues here, too. You’re on the right track, but be quick.
Just rooted. Really enjoyed this box - thanks to the creators. User to root was fast. Happy to nudge if you’re stuck, but let me know what you’ve tried first and what the plan is/was for the next step.
Is anyone else running into a permissions problem on the user step when trying to use the features of the running service? I’m not sure if I’m just not using the right file (or environment) or if I missed something else.
Most people rated this box as “a piece of cake”. Really?
I find people quite often under-rate boxes. One out of 21 people who have rooted RopeTwo said it was a piece of cake when it clearly isn’t. I didn’t think this box was particularly easy.
Realistically it is going to be impossible to ever have an effective rating scale - even the easy/medium/hard/insane spectrum is too subjective.
The only things I use to judge “difficulty” of a box are:
number of user owns over time.
number of root owns.
For example sneakymailer is about the same number - and quite high for a month old box - so it is probably at the easier end of. Buff has twice as many user as root, which implies the privesc is an issue for people, but it has twice as many user owns as Sneakymailer so it is probably a lot easier.
user took me waaaay too long. thanks to 11o for helpng me get user. My tip is to make sure your s****.*y is formatted well. I thought mine was originally and I couldn’t pick up anything when I was listening. went back and formatted it properly and I finally got user. Root was super easy which was refreshing after how long the rest of the box took me.
Finally rooted, i was stuck on user for days, root was a reward after the long road. Usually the box images and logos are a good tip, but for me, in this box is special. Thanks for box.
Cool stuff in this machine. Could’ve had a better balance between user and root difficulty if the final step to get user would’ve been the first step towards root, after getting user.
is there any file clean up running ? my shell file disappears in minutes, not able to keep a stable shell
Automated cleanup is pretty common on HTB to keep things fair and fun for other players. Perhaps you could use your initial shell to quickly pivot to a more persistent, stable shell?
