Quick

Super cool box, just got the user!

just got user… when the creator said it was esoteric they sure weren’t kidding! Enjoyed path to user from foothold. For foothold the landing page text is important and many wont have even done it before.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

I’m getting this, any hints how to bypass it ?

can anyone give me a clue for the next step? I have managed to log into the portal tried a few things but am now hitting a wall…

Type your comment> @Dreadless said:

can anyone give me a clue for the next step? I have managed to log into the portal tried a few things but am now hitting a wall…

Inspect the header of the requests closely, you’ll find the clue to the next step.

great machine, I appreciated.

root@quick:~# ifconfig|fgrep 10.|awk '{print $2}'&&whoami 10.10.10.186 root

calipendula
for nudges on discord calipendula#1089
please don’t ask solutions but little hints

Where are u guys getting the creds for login?? I’m getting “Error code: SSL_ERROR_RX_RECORD_TOO_LONG” & stuck here…is there any other any port I’m missing out?

Type your comment> @b3nn said:

Type your comment> @Dreadless said:

can anyone give me a clue for the next step? I have managed to log into the portal tried a few things but am now hitting a wall…

Inspect the header of the requests closely, you’ll find the clue to the next step.

I fear this is something new to me as I am looking at the headers but not seeing the magic

finally got user last night, working to create an RCE script today so I can get back quickly. ready to tackle the user privesc and then onto root!

PM with what you tried up t if you’re stuck.

Type your comment> @alalno said:

Where are u guys getting the creds for login?? I’m getting “Error code: SSL_ERROR_RX_RECORD_TOO_LONG” & stuck here…is there any other any port I’m missing out?

This seems to be a common problem. This is coming up because your browser is trying to negotiate HTTPS like the link tells it to, but is not receiving what it expects. It thinks it is receiving an SSL record that is too long, it is actually just getting the same HTML page you’d get from a port that’s not supporting HTTPS. So… is there another port you might need to try?

@calipendula Thanks for clearing my brain! And as always @applepyguy thanks for the constant guidance as well haha

Just got user! Man this was a way to go for me. Now it’s time for root

Edit: Got Root, this box was quite a journey for me.
PM me for nudges

Type your comment> @DaWoschbar said:

Just got user! Man this was a way to go for me. Now it’s time for root

Same here. :slight_smile:

Hi, is there anyone willing to help me out with the initial foothold? many thanks

really tough box if i didnt get help i quit lol
new tech really make me cry

Is it expected to brute force user/pass for part of the initial entry?

Type your comment> @MalwareEater said:

Is it expected to brute force user/pass for part of the initial entry?

no, pure brute force is against the HTB rules for machine creation/submission

Spoiler Removed

Rooted. The initial part of this box was pretty annoying. Thanks to @Chr0x6eOs for the nudge. I know @MrR3boot doesn’t require us to brute force anything, but this one seemed to require a lot of educated guessing. After the initial login, it was pretty straight forward. Thanks for the box @MrR3boot. The reward for my labor is a freshly compiled copy of c*** with fancy new features.

i keep getting Error retrieving URL at the p portal…that should make sense anyone else