Official Time Discussion

could someone please reach out to me. I do have an exploit and I do get a connection back to my JR**L******* but i still do get a validation error (no context given) and my payload does not execute. I am not very familiar with the whole des********** topic and still dont fully understand how it works. so some advice or a link to a more detailed description would be highly appreciated. It also still might be that I am deep in a rabbit hole. so any advice is highly appreciated. thx. for more details on what I have been doing please pm me.

@zaphoxx i will PM you …

Hi there, could anyone help nudge me towards getting closer to the initial shell, i’m pretty sure i’ve found the right exploit and CVE but I can’t seem to get a reverse shell. I’m also not very clued up on J*** or Des*********** vulnerabilities. Any help would be much appreciated, thanks guys :slight_smile:

While i really like the entry point technology (and exploits related to this kind of features), this box does not really make you work for it.

This is a nice first time / beginner box for this kind of vulnerabilities.

People gave more than enough hints imo.

@DonTheBomb i PM you …

@MariaB , thanks a lot for reaching out.

Rooted the machine. Apart from the finding the right CVE, this machine was quite esay to deal with.
Thanks to everyone who gave a nudge.

PM if you need help

Finally rooted. spend too much time with user on the wrong cve which was quite similar to the actual one but didnt work. Root is very easy compared to user and just needs some proper enumeration. Thanks to @MariaB for the help on user.

If not familiar with this, take some time to understand the type of weakness this is about and how it works. You’ll then know what to google for and will find it straightaway. Otherwise, I agree with a few others in here, you might get lost in rabbit holes. The usual 2cents:
User: the above basically ^
Root: classic, it’s yours and root will run it for you

Type your comment> @LMAY75 said:

:neutral:

hello!, I’m a complete beginner .Can you help me with Time box, I’m unable to find the exploit for the vulnerability .please help

@bataffleck i will PM you

Any nudges on foothold guys???

Type your comment> @bataffleck said:

Type your comment> @LMAY75 said:

:neutral:

hello!, I’m a complete beginner .Can you help me with Time box, I’m unable to find the exploit for the vulnerability .please help

DM me

@bataffleck check your PM lol i messaged you long time ago

Hi i’m a complete beginner, i can’t find the exploit for the vuln. Can someone help me?

Type your comment> @whyno said:

Hi i’m a complete beginner, i can’t find the exploit for the vuln. Can someone help me?

Pm

Solved the machine. It was easy as fast as you actually was reading the proof of concept found, and understood what it was doing.

HTB is saying the flags are wrong. What’s up? Do I need to root it again?

I think I understand what needs to be exploited but am getting an error **lize: prevented for ****

Honestly this box wasn’t that easy imo.

I required some time for that user flag, it’s pretty obvious where to get your head into, but not that easy to actually find what you need, or at least for me it wasn’t.
Once you find the CVE, the getting it to work part is also kinda experimenting. Afterwards, ez.

I definitely learned something cool and useful from this user part.

The privesc was probably the easiest I had so far, lol.