Official Socket Discussion

system · March 25, 2023, 3:00pm

Official discussion thread for Socket. Please do not post any spoilers or big hints.

LostAngel · March 25, 2023, 8:32pm

I wonder if anybody else has the same trouble with a slow HTB instance… trying to download a larger file … and the rate is below 20kB/s, this really sucks.

agathanonymous · March 25, 2023, 9:15pm

Do the app download links work for anyone?

Update: Yes, it just takes a ■■■■ long time

Offancy · March 25, 2023, 9:43pm

I cant enumerate this machine at all. Anyone else having this Problem?

m4rsh3ll · March 25, 2023, 9:55pm

ping? if not - check vpn: use competitive, not lab

Offancy · March 25, 2023, 10:04pm

I was using competitive but it seems like it was still connecting me wrong. Now its fixed though and i can begin. Thanks

FisMatHack · March 25, 2023, 10:28pm

I obtained valid SSH credentials, the vulnerability is in the WebSocket server, I created a script to exploit the SQL vulnerability.

agathanonymous · March 25, 2023, 10:29pm

Can you recommend any reading/research?

agathanonymous · March 25, 2023, 10:45pm

Nice, that was the direction I was thinking of heading in after peeking into the pyc

Offancy · March 25, 2023, 11:01pm

So I started to take apart the ELF. Is that a rabbit hole then?

FisMatHack · March 25, 2023, 11:17pm

I am a root user, feel free to ask

agathanonymous · March 26, 2023, 2:43am

Rooted.

Paradise_R · March 26, 2023, 4:04am

You may need to change your exploit a little bit, in this case single and double quotes make a big difference

simpson1987 · March 26, 2023, 4:08am

yeah im using single but i can try double.

Paradise_R · March 26, 2023, 5:15am

Finally got pro hacker rank, funniest privesc until now

For people needing to get user, use websockets without fear, this is the machine’s name after all
For root, pspy and a little bit of thinking will do the trick

And for anything else, just send me a message, R is always here

peng · March 26, 2023, 6:03am

Any one can give me some ideas regarding on the initial point?
TKS

Ruycraft1514 · March 26, 2023, 8:40am

Hi, i can do the SQLI with a script that i alredy creted, but when i say to it “SHOW TABLES” it doesn’t show anithing… I have a hashed password, but i don’t now the user. Can you help me please? Thanks!

0utc4st · March 26, 2023, 8:43am

got a password from the db but i have no username, never thought i would have this kind of problems XD, any hint where to find a username, (NOTE : i tried the usernames i found in the db but no luck)

Ruycraft1514 · March 26, 2023, 8:44am

Hey, can i send you a dm by discord to talk from there? I have the same problem, if you want we can fix it together

noxioustab · March 26, 2023, 9:26am

I already solved the box with 10.10.11.206 but whenever i spawn the machine it gives me the weird instance ip and i cant submit my flags…i cant even ping that instance ip otherwise i wouldve logged in from that ip and submitted its flags