TUTORIAL HTB Challenge Micro Storage [DISCUSSION]
by intotheunknown - September 18, 2021 at 04:10 AM
#1
Name: Micro Storage
Points: 20
Creator: hfz
Type: Misc Challenge
#2
Anyone finished doing Micro Storage ?
#3
Filename doesn't like special characters.

As for now I've only found a "Your file "xyz" has been saved. (4092 bytes written)"
after you've created and filled a file.
Anything beyond 4092 bytes (or 4091 characters) isn't written.
What happens with them? OF possible?
//edit: sometimes more can be written. Most of the time only a few bytes. Looks like it's compressed into base64 right after writing

No luck with ce through filenames.

Also, retrieving the files feels vuln. Don't know the way but I'll look into it.
#4
You guys connecting to the port via Telnet? When I try to select the options like 1 for example it says option not available.

1 => Upload a new file (10 file(s) remaining)
2 => List your uploaded files (0 file(s) uploaded so far)
3 => Delete a file
4 => Print file content
5 => Compress and download all your files
0 => Quit (you will lose your files!)
>>> Choose an option: 4
[-] No such option.
#5
(September 19, 2021 at 05:21 PM)Pikachu1 Wrote: You guys connecting to the port via Telnet? When I try to select the options like 1 for example it says option not available.


try connecting via netcat
#6
Ah yeah i was using -p so it wasn't working. Used it with just the ip address and port and it worked.
#7
It is basic gtfo bin
Tar , make filename be parameters for the files naming
#8
(September 21, 2021 at 07:57 PM)paulwatson42016 Wrote: It is basic gtfo bin
Tar , make filename be parameters for the files naming
can u give a writeup for this
#9
(September 21, 2021 at 07:57 PM)paulwatson42016 Wrote: It is basic gtfo bin
Tar , make filename be parameters for the files naming

Exactly, just search for tar gtfobins and understand how you can abuse tar to run arbitrary commands
#10
(October 08, 2021 at 05:13 PM)whv Wrote:
(September 21, 2021 at 07:57 PM)paulwatson42016 Wrote: It is basic gtfo bin
Tar , make filename be parameters for the files naming

Exactly, just search for tar gtfobins and understand how you can abuse tar to run arbitrary commands

Yeah, use key -I, but how does the payload command get /flag.txt? The special characters (/ ; &&) are not working in the interface.

Some of what I get:

uid=1000(storage) gid=1000(storage) groups=1000(storage)

Filesystem    1K-blocks    Used Available Use% Mounted on
overlay        51570124 21655108  27780864  44% /
tmpfs              65536        0    65536  0% /dev
tmpfs            4086256        0  4086256  0% /sys/fs/cgroup
/dev/vda1      51570124 21655108  27780864  44% /etc/hosts
shm                65536        0    65536  0% /dev/shm
tmpfs            4086256        0  4086256  0% /proc/acpi
tmpfs            4086256        0  4086256  0% /sys/firmware


/home/storage/5f06483e93f76a944b6e0cfc38e1c7ef
#11
tips: split command to many files :)
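
Added example, not part of any post in this thread: the service-side fix for the issue discussed above, where user-chosen file names reach tar as command-line arguments. The helper names `option_like_names` and `safe_archive` and the sample files are constructed for illustration; the original service's code is not shown on this page.

```shell
#!/bin/sh
# Added example (hypothetical helper names); sample files below are constructed.

# List names in directory $1 that an unquoted "tar ... *" would parse as options.
option_like_names() {
    ( cd "$1" || exit 1
      for f in *; do
          [ -e "$f" ] || continue
          case "$f" in -*) printf '%s\n' "$f" ;; esac
      done )
}

# Archive the regular files of directory $1 into $2 (absolute path).
safe_archive() {
    src=$1 out=$2
    ( cd "$src" || exit 1
      set --
      for f in *; do
          [ -f "$f" ] || continue
          set -- "$@" "./$f"     # "./" prefix: argument never starts with "-"
      done
      [ "$#" -gt 0 ] || exit 1   # nothing to archive
      tar -cf "$out" -- "$@" )   # "--" ends option parsing
}

# Constructed demo: one ordinary file and one whose name looks like an option.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/files"
printf 'hello\n' > "$demo_dir/files/notes.txt"
printf 'data\n'  > "$demo_dir/files/--looks-like-an-option"
echo "option-like names:"; option_like_names "$demo_dir/files"
safe_archive "$demo_dir/files" "$demo_dir/out.tar"
echo "archive members:"; tar -tf "$demo_dir/out.tar"
rm -rf "$demo_dir"
```

Either measure alone (the `./` prefix or the `--` separator) keeps a file name from being read as an option; rejecting names that start with `-` at upload time is a further layer.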
