Official Trick Discussion

I got Adm********** access to page. Don’t know what to do now, please dm me with hint.

Not really sure what to look for here and none of the ports seem to yield any useful information.

1 Like

DM bro

Full pwned. The “trick”: be sure to find ALL the sub-domains.
It's a good machine, any question DM.

1 Like

Is the box down? Whenever I go to the preprod-prll.tk.htb it keeps giving me a blank screen. Please help.

You don’t need the write permissions on the .conf file. You already have write permission on the directory. Check the official fail2ban documentation to get how to proceed.

3 Likes

Hey All, I am a little stuck getting the LXX to work. Can anyone give a nudge?

I have passwords and users and can get some files, but not others

Send DM

Hey guys, having issues with priv esc to root. Trying to replace ipt****-m******t.***f and restart f2b. But my code is not being executed.

Got to admin site, got access to login, got creds to 2 users, found LXX, read every php page I could find with the LXX (used php filter…) but I’m stuck at this point for over a day, tried everything I could think of. Can I get a hint?

Stuck at admin panel and L**. Can anyone give a nudge?

My mistake was to think that this page is the last one. Look at this subdomain and think.
Are you sure you found all the subdomains? Maybe something hidden exists.

You don’t have enough rights to overwrite this file, since root owns it.

rooted, nice machine:

Fuzz everywhere. I will try another path tomorrow.

TIPS: play with DNS and fuzz.

If anyone wants more help, send me a message :stuck_out_tongue:

2 Likes

:crazy_face: I knew it has a big trick, but I couldn’t get out of it.

I just want to know. WHO THE ACTUAL F**K THOUGHT IT WAS A GREAT IDEA TO SCHEDULE A CRONJOB TO FLUSH THE CONFIGURATIONS EVERY MINUTE? Can u please give me at least 2m or do I have to be a world champion at typing? Also machine is broken. Found in 2 minutes the priv-esc but giving u+s to /b*n/***h and executing it doesn't give me the group. HTB free machines without paying has to be the worst experience.

1 Like

So I thought, well we know that method is broken, let’s just open a revshell to myself, it doesn't work either. Wow, I’m tilted.

Got list of users on machine, currently struggling to figure out which ones have logins available. Any tips? Feel free to dm.

Rooted

USER: Fuzzing is the way, don't waste time in something that seems juicy.
ROOT: Google, read carefully about that and just pay attention to what you can do as that user.

Nice machine :slight_smile:

This was so fucking annoying =))