Posts: 26
Threads: 7
Joined: Jun 2023
Jul 03, 2023, 11:22 AM
(This post was last modified: Aug 20, 2023, 02:19 PM by pokerface.)
Hi there my HTB fellows, I'm sharing with you full Snoopy writeup.
If the link stops working, PM me or tag me in post. I'll post new one.
https://anonfiles.com/lbl8Ycz8z0/Snoopy_writeup_pdf
https://anonfiles.com/mdEeod00z4/M_quina_Snoopy_pdf (Spanish version)
NEW LINK (IF ANONFILES NOT WORKING):
https://hyperbeast.es/snoopy-htb/
Posts: 24
Threads: 1
Joined: Jun 2023
this method doesn't work anymore cuz the cbrown user can only run git apply -v on files in the current working directory hence you cant read the id_rsa of sbrown using this method
Posts: 24
Threads: 1
Joined: Jun 2023
also the privesc method is outdated and doesn't work in the current version of the box due to the regex and --debug flag
Posts: 26
Threads: 7
Joined: Jun 2023
Jul 04, 2023, 10:17 PM
(This post was last modified: Jul 04, 2023, 10:17 PM by pokerface.)
(Jul 04, 2023, 05:57 PM)nullvoid Wrote: also the privesc method is outdated and doesn't work in the current version of the box due to the regex and --debug flag
Here, try this:
Posts: 24
Threads: 1
Joined: Jun 2023
(Jul 04, 2023, 10:17 PM)pokerface Wrote: (Jul 04, 2023, 05:57 PM)nullvoid Wrote: also the privesc method is outdated and doesn't work in the current version of the box due to the regex and --debug flag
Here, try this:
is this going to another post that is just copied from another link on the forums, cuz your original post is just the link you got from https://hacktheflag.onrender.com/machines/ that doesn't work... i am not wasting credits on this, seeing you last post.
Posts: 26
Threads: 7
Joined: Jun 2023
(Jul 04, 2023, 10:25 PM)nullvoid Wrote: (Jul 04, 2023, 10:17 PM)pokerface Wrote: (Jul 04, 2023, 05:57 PM)nullvoid Wrote: also the privesc method is outdated and doesn't work in the current version of the box due to the regex and --debug flag
Here, try this:
is this going to another post that is just copied from another link on the forums, cuz your original post is just the link you got from https://hacktheflag.onrender.com/machines/ that doesn't work... i am not wasting credits on this, seeing you last post.
The link I shared is also visible (for those who unlocked the content) on the main post in this thread.
Posts: 9
Threads: 0
Joined: Jul 2023
Posts: 25
Threads: 0
Joined: Jul 2023
thanks bro. keep it up This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Scraping. If you feel this is incorrect: https://breachforums.rs/Forum-Ban-Appeals
Posts: 24
Threads: 1
Joined: Jun 2023
Jul 05, 2023, 08:26 PM
(This post was last modified: Jul 05, 2023, 08:29 PM by nullvoid.)
i did unlock the main post on this thread but i can't see the new link that you have posted, as it says pay 8 credits to unlock this post
ok so i unlocked your new post and it still won;t work because the -f flag has been disabled because of the regex
Posts: 24
Threads: 1
Joined: Jun 2023
ok so the way i found to privesc is using a exploit PoC that uses dmg images to read files on the system
the CVE is https://github.com/nokn0wthing/CVE-2023-20052
this should help in reading root.txt in the updated box
|
