HackTheBox Blunder Hints
----------
1. Enumeration is key as files often contain juicy nuggets.
2. Google search will help you here. The newer the better.
3. Way too much magic for my liking, and rabbit holes because common tools are not working/not being enough.
4. Certain image files could be helpful but not entirely necessary. Look for new versions.
5. Once you have popped a shell, what files can you find? Surely there is something juicy lying out in the open. Beware of rabbit holes!
6. Enum, Enum, Enum... pay close attention to what you see. And always remember that newer things are always better.
7. Once again. Just enumerate more.
8. What is the first step you do when you get a shell exploiting a PHP application?
9. Start enumerating from where you landed.
10. Enumerate well on the inside. Where are creds typically found?
11. Check all versions.
12. Look around where you land.

ROOT HINTS
----------
1. You can run a common enumeration script for this, but first check what p*******s and permissions you have. Do these things have a way to circumvent them?
2. Go back to the basics of privesc.
3. Check abilities. If you are one who tracks vulnerabilities frequently, you might see this right away. It took a while for me.
4. Don't overcomplicate it like I did.
5. Took me way too long to find the vuln to gain privesc. Super basic Linux priv esc. Combine the powers you have with a recent exploit, and you will have your path marked for you.
6. It's basic privesc, and giving any clue will be a spoiler!
7. This is where I wanna chip in my two cents. If you're having trouble figuring out root, stop overthinking it. The solution is extremely easy. From user, it should take two commands to have root. There was a CVE released last year in relation to the privesc. If you've checked everything already, check what your user is allowed to do; it should look a little suspicious.
8. Easy to say, but not so easy to guess. Pay attention to the only result linpeas would give you. The exploit is one single command. If you're uploading something to do root privesc, you're on the wrong path.
9. Just google your privilege.
10. There is a good John Hammond or LiveOverflow video (can't remember which) on how to do the root privesc with an in-depth explanation; it was released in late 2019, IIRC. gtfo of the recycling bins, and keep it to 1 line.
11. Enumerate yet again, and Google what looks strange.
12. Don't waste time with the second user (s...n); the first user is enough to elevate privileges.
13. Routine priv esc. I had mistyped it on the first try and mistakenly thought it wasn't the right exploit and instead spent 30 min looking elsewhere.


