Official Trick Discussion

Ic32K · June 23, 2022, 8:40pm

Rooted!

Thanks to NeverHackMe for pointing me in the good way ;-D

guerohack · June 23, 2022, 9:27pm

dm me if you need help

zero · June 24, 2022, 2:21am

Stuck on the Adi panel as well. Any nudge would be appreciated.

hakboi · June 24, 2022, 3:19am

anyone online available to help in DM?

numberfist · June 24, 2022, 4:15am

FINALLY got user. I must have been doing something wrong with the L** before I guess. Thanks @JacobE for pointing me in the right direction!

numberfist · June 24, 2022, 7:58am

Finally rooted!! This was a fun box although I found the privesc kinda strange while going through the details.

Sili · June 24, 2022, 1:33pm

Hello guys, some quick hint for those who are stuck

Foothold

You’ve got creds ? Good, maybe you’ll try those later You need to fuzz more based on what you have to find another subdomain. Maybe the other way ?
Don’t get to technical, remember that is an easy box, so it is, but maybe you need to flip your logic instead of looking for advanced enum

User

You probably just did it to get one cred, do it once more. Maybe fuzz it and jump on user

Root

Who is you ? Don’t get too fancy, a magician needs no tool, just tricks. If you’re still struggling, go back to the basics, and you will google it easily.

Tensagram · June 24, 2022, 2:37pm

Yeah, I did. Now I am with the root and prepod-payroll subdomains ,can’t find if there is another one.

manwithaplan · June 25, 2022, 4:39am

Can I DM someone about the subdomains, and possible files stored on the remote server?

Nevuer · June 25, 2022, 10:40am

Hi, Send me DM

burgerboy · June 25, 2022, 11:30am

Hi, I am new to hacking and finding it quite hard to get started on this machine. I have tried enumerating the ports and fuzzing and attempted to retrieve some smtp credentials but I have not found anything too interesting, could you help me get started

Nevuer · June 25, 2022, 11:32am

Try to enumerate the DNS service.

burgerboy · June 25, 2022, 11:32am

how can I do that?

Nevuer · June 25, 2022, 11:34am

HackTricks is your friend.

burgerboy · June 25, 2022, 11:34am

Ok thanks

Nevuer · June 25, 2022, 11:34am

If you need more help, send me DM.

Zemahseri · June 25, 2022, 11:07pm

Finally rooted. But HtB does not accept the user and root flags.

For the user: Everybody mentioned about DNS fuzzing. After finding sth meaningful from the DNS, if you find a magical technic to read files, you can check anothers services “default” configuration file.

Btw, learned and remembered lots of things. Special thanks @JacobE and @Nevuer and the author.

Feel free to send me a dm.

satya · June 26, 2022, 11:43am

anybody help me what i do on which port i enumerate

Nevuer · June 26, 2022, 11:58am

You have to make a complete enumeration of the DNS.

If yo need more help, send me DM.

zhoumeng2017 · June 26, 2022, 2:40pm

I found the ma****ing sub-domain, what should I do next? It seems nothing interesting