Swagshop

@jvlavl said:

I’m connected to the admin interface but I can’t find the file explorer any more.
A hunch on how to get there would be nice.

The explorer really shouldn’t be there. If you see it there it’s because another user put it there. That should be a pretty big hint on how you need to proceed.

I think I have chosen the right exploit for the user flag. But something does not seem to work right. Could anyone pm me please for a hint?

Can I PM someone for user?

ROOTED!

Really fun and unstable box because people reset it every minute and put the shells in the index -.-

If you need help ping me.

Quick note on this: there’s no need to brute force this. It’s killing the box for everyone and, like most boxes, it’s not the way.

Rooted!

Nice box @ch4p

I want to give 1 big hint : DO NOT RESET THE MACHINE, you do not need front panel at all.

Nice box @ch4p . I was overthinking to get user. If you got stuck feel free to PM

Worried I might be overthinking this one. I got user.txt, a shell, magento admin and a meterpreter session all easily, but I’ve spent a day trying to escalate privileges on my shell to get root. If anyone could offer a nudge without a spoiler that would be great!

@poe said:

Worried I might be overthinking this one. I got user.txt, a shell, magento admin and a meterpreter session all easily, but I’ve spent a day trying to escalate privileges on my shell to get root. If anyone could offer a nudge without a spoiler that would be great!

I was in the exact same position all weekend until about an hour ago. Try running the cmd you’re trying with s**o.

DM me if you need to.

Rooted last week:
hint for user; create that newsletter
hint for root; v for vendetta

If you’re stuck, PM for help.

Finally rooted! Been stuck for days but forgot to spot some important path in the priv esc part, smh. Shoutout to @godzkid

Sheesh. Login to portal, navigate to one page, instantly down again. Was back up for like 2 minutes before someone brought it back down again.

EDIT: Rooted. Thanks to @sHinraTensei, @Rub1ks, @Center for the helpful hints.
Feel free to PM for help.

That really was something.
Personally, I’ve chained two exploits from exploitDB - I’ve had to modify both to get RCE.
There is no need to:

  • explore the a**** panel
  • use m****** c******
  • get a rev shell
  • upload anything

After that, getting root was easy; and next time I’ll read more carefully what the /e**/s****** file says to save me some head-against-the-wall-banging.

Feel free to PM for nudges :wink:

Rooted! Finally!

I have a rev-shell as www-data. I think I know the way to root it using something found in /e**/su****** but I can’t find a way to get a proper shell working with special keystrokes. If anyone is willing to help, please PM. Thanks

Hey!! This was a nice box!!!

Hint for User: well please read the exploit :lol:
Hint for root: just type the word s*** and well something will spark

Hello guys!

I’m totally new at offensive security (I do have a lot of experience in defensive security). Anyway, this is my first attempt against a HTB machine and, rookie as I am, I need guidance to solve it.

After a lot of reading (this entire thread included) and 2 weeks in this box (I know…) I think I have the “plan” to execute to solve it, the “how to…” use the tools is a work in progress in my case, but that’s the fun part, right?

Anyway, this is what I have done so far:

  • nmap
  • gobuster
  • nikto (almost exact same results as gobuster, did it just in case)
  • search for exploits (including: OS, services and App), in which I think the App exploit is the best one to try, but I’m stuck in a previous step.

The “plan” I traced was:

  1. enumerate all directories for the web server (app) and possible users.
  2. try to find like an “upload page” or some part of the server where I can upload the exploit.
  3. Get a Reverse-shell back to me and find the “user” flag and then escalate to “root”.

Results:

  1. With gobuster and nikto I found the directories. Did not find an “upload” page but did find the login page for application administration. I’m guessing I have to log in with an admin account to upload the exploit. For that, I need a users and password list.

For the users, I’ve tried to browse all the directories in the server (when I say “all”, I mean I have looked at ALL .xml, .txt and other files in the server) but either I’m not picking up the right users or I’m missing them completely. Same for passwords.

OK, so this is the point where I need help. What should I be looking for (just a hint) in terms of possible users?

After that I guess I’ll go further with step #2 and so on…

Bonus question: Yes or No, is the plan of attack correct?

Came out of hiding for a teeshirt. Both user and root are very basic. Good box if you are aspiring for the OSCP.

PS: I probably won’t respond to messages – am dropping off HTB again now.

Finally Rooted! Thanks for all your help guys! PM if you need help.