Traverxec

HTB Content Machines
, , , ,
121

Is the box down for anyone else? I lose connection every few minutes

122

Got user.

For people having problems/getting nothing after getting creds : yeah they can be useful somewhere but you must enumerate and read some files to better understand where you can use them :). You should wonder why there are creds here and for what they are needed/supposed to do

Sorry if I say too much, itā€™s my first time giving my opinion and advice here xD

PM if needed

123

Got user now too.

Go going for rootā€¦ but didnā€™t found anything yet. Can someone PM me a nudge?

124

rooted

PM for nuggets

Hack The Box

125

Initial: Fastest foothold Iā€™ve ever got. 2 steps to get an easy shell.
User: Read files carefully, ignore rabbit holes and RTFM.
Root: You should spot the method fast, try it locally to understand how to make it work.

126

Spoiler Removed

127

Finally.
Foothold: DDoS? Really? Check the description before run something!
User: check that same place where youā€™ve found those creds. Make yourself familiar with capabilities of the service and ask yourself what permissions should you have to view that content.
Root: was mindblowing for me. Itā€™s right in front of your eyes once you logged in, but you just cannot violate args. Fortunately, there is a way to substitute one thing with another and use the same command to get a shell

128

Iā€™m a bit stuckā€¦ Iā€™ve found the place mentioned in the interesting file, just canā€™t find anything further, not sure what to do with the credsā€¦

129

Type your comment> @benhulatt said:

Iā€™m a bit stuckā€¦ Iā€™ve found the place mentioned in the interesting file, just canā€™t find anything further, not sure what to do with the credsā€¦

if you cannot see something it doesnā€™t mean it not exist

130

Rooted.

Feel free to PM. :slight_smile:

131

Type your comment> @olsv said:

Type your comment> @benhulatt said:

Iā€™m a bit stuckā€¦ Iā€™ve found the place mentioned in the interesting file, just canā€™t find anything further, not sure what to do with the credsā€¦

if you cannot see something it doesnā€™t mean it not exist

took a moment to understand what you mean, figured it out now, thank you for the tip!

132

Finally got user thanks to @D3Fix and @olsv . As always something stupid i missed, also found cheetsheet and read it and found another way to get there. funny

133

got root, it was fun.

134

rooted!

Much thanks to @rholas and @idomino when I was stuck at user.

135

Cool box. It was nice and straight forward from start to finish. Perfect way to spend an hour on a lazy sunday. :slight_smile:

136

For people struggling with root. remember its not always a good idea to maximize ur screen :wink:

137

Got a low priv shell, could someone help me with user?

138

btw box goes down likely due to people running the wrong CVE since thereā€™s one for dos

139

Spoiler Removed

140

hint for user:
enumerateā€¦ enumerateā€¦ enumerateā€¦
donā€™t brute-force sshā€¦
for root:
GTFOBins is your friendā€¦
PM me if you need help
YaSsInE