Quick

HTB Content Machines
122

ok, I think i have an issue with my VM. I’m stuck at the foothold, I found out the P process and manage to get curl to fetch it ( was a nightmare to update and compile properly), anyway, this is the only way I get a reading of p*.q***.***b Am i supposed to be able to get there with our favourite orange k9 ? because the dark shiny metal cannot be installed on linux. am I doing something wrong ? or is this how it’s supposed to be done?

123

Any hints on privesc from user2?

NVM: rooted. Thanks @applepyguy

124

Type your comment> @offsecin said:

All i can do with this box is now move on.
Helpless and i have nothing left to try…
This box may be the best …but its super frustrating for me .

Did you spot the technologies that are being used for initial foothold and initial user access? Got past the first one, still fighting with the second to get initial user.

125

Type your comment> @guanicoe said:

ok, I think i have an issue with my VM. I’m stuck at the foothold, I found out the P process and manage to get curl to fetch it ( was a nightmare to update and compile properly), anyway, this is the only way I get a reading of p*.q***.***b Am i supposed to be able to get there with our favourite orange k9 ? because the dark shiny metal cannot be installed on linux. am I doing something wrong ? or is this how it’s supposed to be done?

I wasn’t able to just had to use curl. Which is enough to get the required information

126

Was this box updated or changed since it was first released? I feel like I cannot access somewhere where I had been able to the night it dropped. Also nmap results seem different.

127

@d4rkm0de said:

@Brogramm3r said:
Got user, I can sleep now.

PM if you’re stuck

I feel ya. I was the 200th user flag submitted on this box just a few moments ago. Now I can sleep too!

What a journey it has been

Yeah, this one is a doozy lol. Congrats :smile:

PM if you wanna bounce some ideas off each other for privesc

128

Type your comment> @offsecin said:

All i can do with this box is now move on.
Helpless and i have nothing left to try…
This box may be the best …but its super frustrating for me .

hit me up if you need. just about everything is within the reach of research if you’re willing to do some building & get relentless along the way.

129

Type your comment> @chicxulub said:

Was this box updated or changed since it was first released? I feel like I cannot access somewhere where I had been able to the night it dropped. Also nmap results seem different.

I def had some inconsistent results with nmap. but in my experience, that specific type of nmap scanning is always a bit unreliable

130

Kinda stuck at foothold. Do you use port 9*** with the newer protocol? I get Connection refused :confused:

EDIT: nevermind, I forgot it uses the other transport protocol. I still don’t get any reply though…

131

Type your comment> @Brogramm3r said:

@guanicoe said:
i get SSL_ERROR_RX_RECORD_TOO_LONG, ham i digging the wrong hole?

Same here. Did you ever get an answer for this? I’m pretty stuck on this foothold…

yes and no. Yes in terms that i think i was looking at the wrong place, at least i did not need to fix it to get passed this step. No because i am still not sure why this happens

132

what a great and entertaining box! learned a lot while having lots of fun. defo a hard one.
took about 12-14 hours altogether for me with some small nudges.

here are my cryptic clues:
foothold: follow the message, use your new tech, read client testamonials
user#1: use your head, google fu
user#2: script and rock, then be quick to your job
root: easy just look around

drop me a PM for equally cryptic nudges :wink: i’ll try to help if i can

133

and rooted! it was an intense journey. thanks to @MrR3boot for such an amazing box. learnt a lot in each part

134

Rooted! It was a great machine and learned a lot from it
initial foothold: 3rd time is a charm
user#1: it’s all in the head
user#2: bash fu to a possible file location
root: you know what they say these days: #stay-at-home

135

Rooted. This machine offered me a few good moments to strengthen my python automation skills. Thank you @MrR3boot

136

just got user… pheeww

137

@d4rkm0de Yes I believe it was a false alarm. It may have just been someone trying to brute/ scan hard. haha . It’s now acting like it was before.

138

Type your comment> @xrchsploit said:

curl: (7) Failed to connect to p****.******.**b port 443: Connection refused

This is giving me a headache, any tips on what I should do or nudge in the right direction? Please PM

DM on insatgram

139

Rooted after a long drought, my thanks for anyone who helped in the process !
PM for nudges

140

hey,
i want to say to whom changing the s****m password there is no need just DM me i will give script to decode the hash

and please no need to reset every 5min
im fighting against changing pass and resetting and f5 and i need to be quick

please !

141

To those who are having issues trying to connect to the box via new tech, or are having trouble compiling stuff, there are a few really nice docker images that you can try.

Loving the box so far!