Official Soccer Discussion

dm me if you like

1 Like

SUCH a fun box. dm me if you need help, I thought it was more like a medium box

1 Like

Permissions do the magic… If you want anything further DM me

I get the shell, but I can’t get the user.txt🤣

Any tips? - I have hash/pwd for user but cannot seem to use them via ssh / su

How did you get the Hash?

Rooted, that was a very fun box… learned a lot

Rooted! 🙂
Awesome box! Learned a lot! Finding root took me some time, but once you are on the right track it will go pretty fast.
Some hints:
User: Take special care with case sensitivity when extracting once you have found an obvious attack vector
Root: Everything you need to know is present in our most beloved vegetable enumeration tool!

Thanks @XSSDoctor @KKK45 and @B1ghead for helping out in the DMs

3 Likes

How to get root? Is there any hint?

Can someone help me to get user? I have the shell of the victim machine but I can’t get the user because I’m www-data

There is another subdomain you need to find. Enumerate there.

Rooted!!! Thanks to @KKK45 and @JacobE for the help and hints in the DMs

Rooted!

Thanks to @r3nt0n and @TomStock for the help!!

Everything seems very common, after www-data and the new host discovery, should I manage to manipulate the ws? 🙂

NVM, anybody who finds himself in the same thing - I suggest you search for Rayhan’s writeup regarding a popular attack on websockets 🙂

2 Likes

I’m finding the subdomain in /sites-available but trying to navigate to it is not resolving? Am I missing something XXXX/soccer.htb??

1 Like

Also, my VPN disconnects every 2 minutes, why is that?

You are supposed to see a new host subdomain there that will enable you to register and test another instance.

Yeah I have gathered as much from reading some walkthrough, but XXX.soccer.htb is just not resolving…

Should I add this XXX/soccer.htb to my hosts file? I tried this, then I am getting a 502 error

Rooted.

User: there is a pretty common way to gain the initial shell; afterwards you should travel around and define your next target that will lead you to the “other” user. The way to gain the other user is pretty complicated, and for all familiar with this technique, as I mentioned before - look for Rayhan’s post about the thing, it has a clear Python script and walkthrough.

Root: the path to root is clear from the initial shell, search the regular vectors and then try to understand how to manipulate the “sudo”-like command, you will need to create a certain dedicated file for this binary.

Not an easy machine on my side, but it was fun.

1 Like