Trickster Discussion [HTB] [HINTS]

Let’s talk about Trickster. Please do not share any flags or writeups.

A medium-difficulty Linux machine, solvable in 2-3 steps.

The creator of the machine is EmSec.

This season, he has created two machines, Sightless and Infiltrator. Both are well-crafted challenges and you can find plenty of hints on our forum.

2 Likes

Found Subdomain shop. and .git directory with some kind of hash and maybe a user account.

There are many exploits for prestashop but couldn’t enumerate the version so far.

version is 8.1.5 but i’m still searching for something useful

can you tell me where did you find the hash?

exploring the .git directory and contents

shop subdomain contains .git use git-dumper you will find a weird directory go to it

can someone help locate the hash i did find a hash but i don’t think it’s correct

Follow this blog post to get initial foothold.

After cloning the repo, you need to modify every file, like ip addresses as yours and URLs. Otherwise you won’t get a shell.

And lastly, copy the reverse_shell.php into to malicious theme zip file.

2 Likes

Also you need to locate the admin panel direction from .git files and edit the exploit payloads.

1 Like

I am trying to crack database hashes for users including adam, admin and few more. but no success for now.

can you give me a hint on how did you find them

i’m talking about the admin panel hash and thanks in advance

Did you get a shell?

After getting just connected to mysql.

no i’m still in .git trying to find a hash

Use this carefully

1 Like

Hash cracking is successful.

For user flag, crack the db hash of james. It took some time. Be patient.

1 Like

can you please give me hint for the mysql, i didn’t find any creds

check the tables ps_customer and ps_employee

no i mean i can’t even connect to mysql tried all creds possible like root toor admin no password found my linpeas didn’t find any creds, also i checked mysql folder no conf file