Official Trick Discussion

i just want to know. WHO TE ACTUAL F**K THOUGHT IT WAS A GREAT IDEA TO SCHEDULE A CRONJOB TO FLUSH THE CONFIGURATIONS EVERY MINUTE? can u please give me at least 2m or do i have to be a world champion at typing? also machine is broken. found in 2 minutes the priv-esc but giving u+s to /b*n/***h and executing it doesnt give me the group. HTB free machines without paying has to be the worst experience

1 Like

so i thought, well we know that method is broken, let’s just open a revshell to myself, it doesnt work either. wow i’m tilted

Got list of users on machine, currently struggling to figure out which ones have logins available . Any tips? Feel free to dm.


USER: Fuzzing is the way, dont waste time in something thats seems juicy.
ROOT: Google, read carefully about that and just pay attention what you can do as that user.

Nice machine :slight_smile:

This was so fucking annoying =))

I’m stuck at the admin panel, anyone open to a dm?

1 Like


Thanks to NeverHackMe for pointing me in the good way ;-D

1 Like

dm me if you need help

Stuck on the Adi panel as well. Any nudge would be appreciated.

anyone online available to help in DM?

FINALLY got user. I must have been doing something wrong with the L** before I guess. Thanks @JacobE for pointing me in the right direction!

Finally rooted!! This was a fun box :slight_smile: although I found the privesc kinda strange while going through the details.

Hello guys, some quick hint for those who are stuck


  • You’ve got creds ? Good, maybe you’ll try those later :wink: You need to fuzz more based on what you have to find another subdomain. Maybe the other way ?

  • Don’t get to technical, remember that is an easy box, so it is, but maybe you need to flip your logic instead of looking for advanced enum


  • You probably just did it to get one cred, do it once more. Maybe fuzz it and jump on user


  • Who is you ? Don’t get too fancy, a magician needs no tool, just tricks. If you’re still struggling, go back to the basics, and you will google it easily.

1 Like

try to enumerate dns carefully.

Yeah, I did. Now I am with the root and prepod-payroll subdomains ,can’t find if there is another one.

Can I DM someone about the subdomains, and possible files stored on the remote server?

Hi, Send me DM

Hi, I am new to hacking and finding it quite hard to get started on this machine. I have tried enumerating the ports and fuzzing and attempted to retrieve some smtp credentials but I have not found anything too interesting, could you help me get started

Try to enumerate the DNS service.

how can I do that?