Olympus

After spending a lot of time on enumerating dns & web i found nothing, except someones’ webshells. Tried stego as well.
Any hints on that machine?

So do I. Hints are welcome.

Hm bit early for hints as the machine have only been up a day…

@shellyhx said:
Hm bit early for hints as the machine have only been up a day…

well i’m trying to compromise for ~10h already

Very nice machine. Just started and have the footprint. The question is how to exploit this because I never played with this “stuff”. Some research will be needed.

For developers it should be a piece of cake, but I’m unfortunately not a developer.

No need to be a developer to exploit this bad configuration. Google for it, there are exploits listed on the first page, the Chinese paper is great. I am stuck a little bit further with a password, a remote (outside htb) cache of data I can’t access/exploit without knowing host_id value…

I have shell, but cannot find user.txt. Did you manage to get it?

@cgrenier said:
No need to be a developer to exploit this bad configuration. Google for it, there are exploits listed on the first page, the Chinese paper is great. I am stuck a little bit further with a password, a remote (outside htb) cache of data I can’t access/exploit without knowing host_id value…

If you have enumerated for 10 hours and haven’t found anything, the hint you are looking for is probably this: PAY ATTENTION.

I found what i needed, right now having new problems again c:

got root, that was exciting

i found an exploit from 2000 but its not working :confused:

Hi. I found that stuff about bad development config, but when I try to use it, the server communicates with my machine, but then sends a rst packet. Is this part of the challenge, or is there something wrong with my machine?

I’m from Brazil, and this bad development config has a connection timeout that is not big enough for the connection to succeed. I just changed my vpn from europe to usa and everything worked as expected.

@lehrling said:
I’m from Brazil, and this bad development config has a connection timeout that is not big enough for the connection to succeed. I just changed my vpn from europe to usa and everything worked as expected.

Yes, I know your pain.

Any idea on how to get a tty on this machine?!?

@Mefistogr said:
Any idea on how to get a tty on this machine?!?

look closely onto web :slight_smile:

agreed, timeouts have been killing me lol

This machine is driving me crazy. I’ve run multiple recon tools but I can’t get anything useful to get the initial foothold. If someone wants to help me, I would really appreciate a PM

I have shell, and I have found something interseting, from which I have derived something and cracked something else. No idea what to do next, as in order to use these findings a certain type of interface has to be available, which it doesn’t seem to be?

Hey guys ,any hints for non-visible user.txt ? Also is the capture relevant or just a rabbit hole ?