Soo, I managed to run commands as www-data in a really weird way, but it works. Does anybody want to discuss a more comprehensive or easier way? I can share my way of doing it, but there must be an easier way. Please PM
i have a full shell, but stuck with user flag
any help just to start, pm me please
@peek said:
i have a full shell, but stuck with user flag
Same. Help would be appreciated
i don’t blame the box or its author, but who tested the box? and how?
@peek said:
i don’t blame the box or its author, but who tested the box? and how?
And this is just the next of many times lately when I wonder if it is a good idea to release a machine every week?
Isn’t it better to release less but consistently, with good quality and a correct rating of the machine?
@m4rc1n said:
@peek said:
i don’t blame the box or its author, but who tested the box? and how?
And this is just the next of many times lately when I wonder if it is a good idea to release a machine every week?
Isn’t it better to release less but consistently, with good quality and a correct rating of the machine?
it’s more about the rating, the box is pretty good except the sq* part which is insane.
Any hints on root?
@m4rc1n said:
@peek said:
i don’t blame the box or its author, but who tested the box? and how?
And this is just the next of many times lately when I wonder if it is a good idea to release a machine every week?
Isn’t it better to release less but consistently, with good quality and a correct rating of the machine?
Pretty sure everyone is asking that same question. I know I have myself.
@guly said:
box author here.
as far as i know, as of now, NOBODY got the foothold as intended. it’s clear to me that the path wasn’t clear enough, and it’s of course my fault.
i’m very sorry because i hate guess-game, and this box turned out to be like that to most of you.
enumeration is so slow because you should drop your automated tools and review those 6 (SIX, not the whole raft-large, SIX) pages. then, it’s a matter of looking for the misconfiguration that leads to easily get the bug exploitable to reach foothold.
OR, you can find the same bug by using so many “sleep” from the server that the Sleeping Beauty will wake up ages before you
root was just a matter of searching for uncommon things, and thinking about implication and possible workaround. wear your sysadmin hat.
the plan was different and makes sense, turns out that i’m not Spielberg and i cannot make it clear enough for you all.
again sorry if you got this as guess-game, hope you’ll have the chance to re-read this box as soon as the intended way comes out.
I haven’t even gotten user on this box yet due to a combination of being busy IRL as well as being frustrated with the initial steps, thinking it was a CTF #GuessTheBox type thing. It would appear, however, that my initial judgements about it were wrong/misplaced.
I just wanted to say thanks @guly for being honest and taking the time to politely respond to the criticisms in this thread (and handling them so well). We don’t see that very often.
+respect
I don’t even have user yet and perhaps it is the case that this box ends up having some really interesting vector which is mildly interesting, but even if that is the case it’s almost entirely certain that I won’t see it again outside of HTB. Even if that is the case, there’s really little point in the md5/multiple index file trolling. That part honestly reminds me of oz. That box had a lot of great stuff, but honestly the idea that you’re teaching someone something by having randomly generated responses to what should just be 404 errors is highly misguided. I mean, sure, learning how to use obscure aspects of wfuzz is possibly interesting to someone, but it has (speaking as someone who’s been doing this stuff in the real world for a while) as close to literally zero real world applicability as is possible. The same thing is true of using iana port numbers for CMS ids and using hashed iana service names for filenames for those pages. I’m sure that some people really enjoy leading people down endless rabbit holes and to refer back to oz, here are two comments which made it into the actual box there:
Error handling brought to you by Overcast!
End Overcast error handling, thanks for letting us use this, it was brilliant!
So lest anyone be at all confused about whether it was a purposeful attempt at wasting people’s time and being trollish when there’s absolutely zero benefit in that case, there’s your answer.
Since I haven’t bothered to spend much more time on this box after reaching the conclusion that it’s also likely got a bunch of pointless trolling, I can’t say 100% for sure whether it’s the same thing here, but I will say that for anyone claiming that things like a random 404 handler or files named as md5 hashes of iana service names of CMS id numbers, you guys are 100% the reason why I’ve stopped recommending HTB as a good place to practice this stuff.
s/really interesting/really obscure/
I also don’t pay a ton of attention to points, but irked being 20 pts and this one being 30 is pretty comical to me. The user blood on that took 7 minutes. This one took almost 5 hours. I guess 10 points is worth more than an order of magnitude of difficulty? That’s interesting to me given that I got a blood on lightweight (30 pts) in about an hour.
Such a disappointment. This box is a waste of time.
I have spent 3 days of my life, enumerated a lot and have found just rabbit holes. Thanks, at least it was free.
This box teaches me not to spend too much time on nonsense.
Spoiler Removed
I don’t think it’s a guessthebox thing
It has some interesting stuff in it and u need to enumerate!
Enumerated till I got to the blind old man, looking at the dump and staring like an idiot.
Can someone please pm me about the disabled stuff? Stuck there and I’m afraid I am in a rabbit hole.
ok r00ted, realistic box, very helpful for pentests or bug hunting.