• Rooted at last, thank you @egotisticalSW that helped understand the situation. Was stuck there for ages. Root was a lot easier than i thought.

    Overall, this is an easy box, only thing i found hard was p****_b**** and that was mainly because i misinterpreted some of the hints given. Nice box that helped learn a few stuff.
    Thanks @L4mpje !

  • edited January 2019

    Ok so i have user, been trying to get root for a while now. Still not seeing what i need to do with the i**** file in a****-a***, Have read c*** manpage as well. Can anyone DM me for a nudge in the right direction. Would appreciate it.

    EDIT: I managed to get root. Overlooked the required change inside the file as i did not think it would be that easy. Turns out it is. Thanx @jkr for the assist.

  • @Deus9 said:
    How many votes or how long does it take to reset box? Someone defaced it and cant do anything now..

    Edit: Fixed now but would still like to know how it works.

    Very sad to see how it is now. This is a site where we can learn and talk about what we like.
    Why would someone come here and loose time creating messages of hatred??


  • First time on the box, new to all of this hackery stuff so if anyone has a tip I would greatly appreciate it.

    I got the login info, tried to add my own php page to place shellcode in. I placed the file in the same dir as index.php, when I try to access it I get requested URL not found. Avenues I have explored via Google advise that I need to install modules, but from reading the entire thread this is not the way to do it. I know I am in the right place as when I put <?php echo "Duh; ?> in the index file it shows on the site.

    Much appreciated, I don`t want the answer, just a nudge in the right direction. Thanks.

  • anyone willing to help me understand how to get a root shell? I have root.txt but I can't find a way to use the same command to get a shell...


  • got it, thanks


  • Finally root! Thanks to people how helped me!
    For User was easy. The root is really awfull because as many I searched something very far. Then I was close but I still missed something. So when you know how to solve it, yes it's easy. Good box for beginners!

  • so I have user and have seen the 2 files, but not sure how to proceed, appreciate a nudge here :)

  • edited January 2019

    Also have user, have seen the 2 files, tried editing them both, both get overwritten it seems, i can see what happens periodically, but unsure on the process going forward to get root.txt, also would appreciate nudge, thanks

    EDIT: figured it out, was overthinking it. thanks zz123 for the nudge.

  • I have just got the root flag and was wondering if anyone manage to get a reverse shell as root?

  • edited January 2019

    Could anyone help me for getting the root.txt and root shell? I am stuck for a long time after got the user.txt, thanks.

    Got the root.txt, thanks @jkr . Working on the root shell right now, maybe need some hints for that, thanks.

  • Help me, please. Now, i got admin panel in joomla

  • @zav4ik said:
    Help me, please. Now, i got admin panel in joomla

    Look at the environment and think how you could get a stable shell.

  • rooted this machine if anyone need help feel free to pm :)

  • got user and root but did it through shell and some help. could someone who did it the conventional way give me a nudge on doing it through c***?

  • edited January 2019

    Got login credentials, I might have found a way to get a reverse shell but always get "WARNING: failed to daemonise" with error 110 or 111 every time.
    Is it possible to get some help ? Thanks !
    EDIT: Got user, trying to get root now
    EDIT2: Finally got root, way too much overthinking, try to understand what is going on in a****-a*** with the files and you'll see it instantly !

    Hack The Box

  • just finished this. great box!
    user and root was way easier that the initial foot hold in my experience. but the methods are also something i have more experience with.

    Not gonna lie as web frameworks are a weak spot of mine. the initial took me hours.
    it didn't help that i was spoiled when getting to the site the first time and someone defaced the main page. it was subtle but with the rating on this box i thought maybe it was meant to be there plus the box had just been reset. even reading the code it looked legit. once i got in though the box got reset again. i had to figure it out myself and since i knew there was something on the site i could use(just couldn't see it anymore) i spent hours trying to do it...wrong. i was eventually able to figure it out myself after giving up and starting over from scratch. rebooting the box. and doing proper enumeration.

    i make it a point not to deface any public pages on the boxes. as that screws up beginners that don't know what they are doing(like me :)). i got lucky and the box was reset. but if i had solved this right away when i first got shell i would not have learned anything. if anyone reads this...please don't deface the public pages of sites. it ruins the experience for the rest of us.(i understand some boxes require editing config pages and such. but this one 100% could be exploited without making it public).

  • I got the reverse shell, however don't know how to proceed further, I have gone through all the discussions. Any help?

  • You hit your head when things are too obvious. Learnt the concept "Try smarter more than try harder" hard way :open_mouth: Got the root shell but not so stealthily.


  • Rooted. Interesting little box.

    There is one thing I cannot figure out though. Specifically why the system does a certain thing. Can anyone PM me so I can elaborate?


  • edited January 2019

    FINALLY ROOT SHELL. :relieved:
    This was a really simple machine yet it took me a lot of time and work hard to get root shell.

    I hope this is not a spoiler but for those seeking for root shell: the usual tool does not work, at least not with it's built-in options ;) One should check versions ALWAYS!! (that's my learning).


  • prhprh
    edited January 2019

    Just got user and root, but I'm struggling with the root shell even though I can read the files from /root/. If anyone who have done that could PM me, I'd really appreciate

    EDIT: Just got a root shell
    The hint here is to don't jump the obvious.

  • Hello guys ... can you help me please .... i got user.txt ... but i don't know what is the next step to get root .... can someone PM me Please :) thanks in advance

  • I am stuck hard with those two files in a****-a*** ? help please :(


  • Solved it, only now to decipher boath flags from files :)


  • And done boath ;)


  • Guys Im kind of noob and I really got stuck on that machine and need some help. Tried me*******t exploits agaist j****a but none of them worked. Tried to look in the s****e c**e and found s****t file , decrypted it but the information didnt helped me for anything.

  • @nervus said:
    Guys Im kind of noob and I really got stuck on that machine and need some help. Tried me*******t exploits agaist j****a but none of them worked. Tried to look in the s****e c**e and found s****t file , decrypted it but the information didnt helped me for anything.

    Me*******t exploits won't work here. You need something simple than that. Once you're into admin page of the service j****a, what can you do with it? any sort of backdoor?

    Drop a message here if you need any nudge.

  • Curling was not particularly difficult compared to some of the other machines out there. PM me if you need some assistance/hints.

  • Really stuck on root.txt. I've been reading all of the hints, but I'm just not getting anywhere. If anyone could PM me it would be much appreciated!!

Sign In to comment.