HackTheBox Buff Hints

Here are some hints :-

USER HINTS

----------

1. Standard enumeration of a service. Google will tell you how to proceed. Someone has even done the hard work for you. Now upgrade.

2. There is a big hole and it is available readily for the public.

3. Pretty straight-forward. Box don't even need special recon, just read the pages. Then find exploit and run it.

4. Enumerate the website and try to google things.

5. Proper Enum & Googling. It's pretty straight Forward.

ROOT HINTS

----------

1. More enumeration. A usual location holds something important. Google some more. Look at the code, modify as needed. Before you proceed, look around again. Maybe things look different on the inside.

2. Enumerate; compare outside/inside "view".

3. There is something on this box that can help you move "forward".

4. Finicky as there were a few options, and lack of feedback. Ended up testing locally, found success, then replicated. Had never used p****.exe before but was familiar with similar programs.

5. Enumerate and you will find a file which indicates towards a privesc.

6. Enum those Services & Google-fu. You will find the right exploit. If the Box doesn't like whatever the code (Python/C) you want to execute directly onto it, Compiling it locally is always a choice.