Official Socket Discussion

Official discussion thread for Socket. Please do not post any spoilers or big hints.

I wonder if anybody else has the same trouble with a slow HTB instance… trying to download a larger file … and the rate is below 20kB/s, this really sucks.

Do the app download links work for anyone?

Update: Yes, it just takes a â– â– â– â–  long time

I cant enumerate this machine at all. Anyone else having this Problem?

1 Like

ping? if not - check vpn: use competitive, not lab

I was using competitive but it seems like it was still connecting me wrong. Now its fixed though and i can begin. Thanks :slight_smile:

I obtained valid SSH credentials, the vulnerability is in the WebSocket server, I created a script to exploit the SQL vulnerability.

2 Likes

Can you recommend any reading/research?

Nice, that was the direction I was thinking of heading in after peeking into the pyc

1 Like

So I started to take apart the ELF. Is that a rabbit hole then?

1 Like

The rabbit hole is in the WebSocket.

I am a root user, feel free to ask

1 Like

Rooted. :smirk_cat:

1 Like

You may need to change your exploit a little bit, in this case single and double quotes make a big difference

yeah im using single but i can try double.

Finally got pro hacker rank, funniest privesc until now :face_with_hand_over_mouth:

For people needing to get user, use websockets without fear, this is the machine’s name after all
For root, pspy and a little bit of thinking will do the trick

And for anything else, just send me a message, R is always here :heart:

10 Likes

Any one can give me some ideas regarding on the initial point?
TKS

Hi, i can do the SQLI with a script that i alredy creted, but when i say to it “SHOW TABLES” it doesn’t show anithing… I have a hashed password, but i don’t now the user. Can you help me please? Thanks!

got a password from the db but i have no username, never thought i would have this kind of problems XD, any hint where to find a username, (NOTE : i tried the usernames i found in the db but no luck)

Hey, can i send you a dm by discord to talk from there? I have the same problem, if you want we can fix it together