I have initial foothold and gonna try to root later.
Anyone that needs help on the foothold can PM me and I’ll gladly help.
Edit: Rooted, was very clear and simple.
Learnt a lot from this box, at times was frustrating but very informative.
just got it ! so happy !
My first machine on HTB, the level for an easy is a little scary 
…
2 Likes
Congrats!
1 Like
Certain aspects are inspired by real-life findings in penetration tests, scenario- and exploitation-wise. Honestly, I never imaged that people would struggle that much with initial foothold. The box is pretty transparent as to what it is doing with your input data.
3 Likes
Can you DM me the file link. I searched but i am not sure which one is that.
Congrats! That’s a rough start XD. It’s classified as easy because of the number of steps involved to achieve user and root exploitation. Harder boxes need more steps and for example scripting or heavy modification of existing exploits.
2 Likes
Hi guys. Can anyone write me a little hint? I got stuck on L*T** filter bypassing.
Thanks for patching and clarifying on the intended path; lots of conflicting info in here!
Well, I promise I’m not usually this dumb, but with this box I guess I am. If anyone can help me with foothold and is online please dm me.
What an absolute pain the research for foothold was Cool box. Very niche. Feel free to dm me here or on discord (same username there as well)
1 Like
Rooted Finally!!
for user:
- as mentioned by afilator you only need One line to read from a specific file which can allow you inside the Castle.
for root:
- usual enumeration. A little cheat here I used ChatGPT to make it.
could you give that flie or link?
1 Like
It took me quite some time to get a foothold on this box. Thanks to those who dropped hints above.
Foothold: spent a lot of time trying to write stuff, before seeing the box creator patched this. Intended way as mentioned above is to be able to read single lines only. Since payload is being passed as a GET parameter its needs some encoding.
For the file that needs reading, enum the domain for other sites (vh***s), one of these sites asks for something. This plus common site directory structure, should lead you to it. You still wont be able to read it with the basic payload. Consider what’s normally in this type of file and what needs handling for it to be read.
Root: straight forward, spy and you’ll see.
Rooted!
Nothing really to add in terms of tips. Everyone else’s sum it up pretty well.
I need a good Hint.
i can help me with it
good
Just able to read single line, tried many way to view files no success, any hint would be appreciated. Thanks.
complet
I can read .ht****s but not .ht****d I don’t understand; can anyone help me ?
edit: forget my question, all you had to do was encode