Official Undetected Discussion

there is a htb matrix channel for us that dont like centralized/closed source stuff like discord #hackthebox:hispagatos.org you welcome to join is htb but mostly competitive ctf’s

hi, please, I’m kind of a fresher here, and the first machine I got to try out on my own had no open ports. and then, nmap says they’re all filtered, could you please point me in the right direction please

Are you connected to the htb vpn?

Yes, I am. Eventually, I had to scan the whole ports, not limiting to the first 1000.
but even that, it only showed 3 ports open without their version even though I used version scans.
ftp, smtp and one other one.

still don’t know where to go from there, it’s not as if I Can use social engineering, and port 80 isn’t open.
:frowning:

hi, I think I might be doing something wrong, virtually all machines that I try to scan keeps saying they’re all down.

I just finished the starting point, I’m trying to pentest other machines myself, but nmap keeps saying they’re all down

It sounds like you shut off the VPN or rather using the wrong VPN the ones for the boxes and the starting point is different. make sure “LAB” is the one you’re connected too

Very confusing box.

Oh man… I found that hard. Not seen those skills tested in a boot2root before so I basically missed the clues.

Very fun though.

someone is ddosing the machine I cant do a ■■■■

Hello, got user with the help of a writeup, didn’t expect reversing in a boot2root type challenge. However, I am stuck at root. Before going to read rest of writeup, anyone would give me a nudge?
I read the ‘message’, And I went through all the ‘default files’… But I didn’t see anything out of the norm… Maybe I am not familiar enough with the service… Someone help me

Regarding that specific services mentioned in the message, try to sort all related files and see what’s been modified recently

1 Like

had to read the full writeup at the end, worst box ever, didn’t even understand the way to de compile the binary and extracting the root password, unnecessarily hard and unrealistic…

1 Like

Definitely an interesting box. finally got root after a nudge. there are some steps involved to get root so take your time

1 Like

I am stuck at foothold, I managed to find the s****.d*******.htb and the /ve****. But from there I found nothing else.
Anybody now what to do next ? I tried fuzzing, wpscan, gobuster and dirsbuster but found nothing that could help me

google exploits for every folder listed in the /v* directory. Your answer will be on a popular CVE database.

1 Like

Hi. I’m stuck on foorhold I found the hidden subdomain. And also I think that i may have detected wordpress but thats looking like a dead end. Any tips on foothold.

Removed.

Removed.

Agreed. I would have never figured it out on my own. I thought the info binary was a rabbithole and/or a left over from a user.

EDIT: Thank you - this was helpful. Got an initial foothold for www-data. Can anyone give me a nudge on where to go next? Dug around for hours without identifying anything.