• So I found a password that I'm 100% sure is a password to something. Usernames are typically admin. I had attempted to log in but got a "security token" error. Now I can't log in with the same creds, I think. Should I reset it?

  • edited March 2019

    After almost two days on this seemingly easy box I finally found the root flag. I'm still not sure which process is running and updating that one file, so if anyone is willing to discuss please dm me.

    thanks to jkr for showing me a nice way to monitor the running processes :)


  • edited March 2019

    Rooted, but I got user by uploading a shell. I want to know how the others are overwriting the index.php to get a shell, please PM me :smile:

    Edit: got it, I'm an idiot :grimace:

    No Hack No Life ✌😒
  • Rooted, fun box! I actually got it through a root shell. I would like to know how others did it, I think there is another way by editing a certain file i...t.txt. I think it would also be possible to output the flag in a way. I saw others try it. Does somebody care to share this method (PM)? Thanks!


  • I feel like an idiot, I have found the se****.*** file and I even know how to drop a shell, but I cannot find the way to use that password (transformed I mean) with any user or where in the login. Could someone drop me a PM to help?

  • I'm baffled! What is it about "curling" I don't get? How can I privesc with it? I have a low priv shell banging against the directory that contains user.txt. If anyone can help me get a root shell I would be very grateful. PM me if you're further behind and need a leg up to here.

  • Got root. Enumeration helped me a lot to find the vulnerability.
    I did not need any additional editing. (
    Frankly speaking, rooting was much easier than extracting user password from that file ((((

  • edited March 2019
  • rooted if you need help pm :)

  • edited March 2019

    Still very much a noob at this but I managed to get root.txt with only the slightest of hints. What amazes me is a) I make the intuitive leaps that actually get anywhere and b) that anyone else does!

    Haven't managed to root the box though... Is this done via the mechanism that was used to grab the flag?

  • edited March 2019

    I'm trying to get the reverse shell by using a technique learned from ippsec (popcorn). Joomla however refuses to accept it no matter the content type, extension or the content of the file itself.

    Is there any other way to upload "unsafe file" and execute it?

    EDIT: Of course there is...

  • Could someone please PM me a hint regarding a****-a*** and the two files in there? Can't figure out the command.

  • @Parrrs said:

    @mortone said:

    Hi guys. Could somebody help me with the p*******_b***** file? The question is how this decrypting works..

    level 12 of Bandit on Over The Wire, search for it, you'll understand...


  • Oh what a fun box that was!

    Rooted and I feel so happy, that nobody did PM me with hints and I did it on my own.

    I'm happy to help someone who's stuck.

  • I'm stuck on obtaining root.txt using curl could someone PM with some hints?

  • edited March 2019

    Edit: Just, picked up root.txt.

    Don't overthink it like I did.

    Exploits come and go, methods for privesc may change, but being able to have awareness of your environment and surroundings of what is currently in front of you is a soft skill that everyone needs to have and work on, even for myself.

    Also, thanks @Monty for pointing this out to me.

  • edited March 2019

    I keep getting
    WARNING: Failed to daemonise. This is quite common and not fatal. Connection refused (111)
    What is the solution to this? Does this warrant a reset?

  • Thanks for the machine! User flag took about 30-40 mins and two cups of coffee. Root flag took about 30 mins and then root shell about 15 mins after that. Learned something new when it comes to figuring out the subgoal of the next step in theory and then researching how to do that in practice and what commands you need to achieve it.

  • edited March 2019

    I got user and root, I think by the intended route.
    Edit: and it took an embarrassingly long time, but got a root shell.

  • Got Root and User. If anyone needs any help PM me anytime.

  • edited March 2019

    Hi guys, I can't get the reverse shell in the admin page. I was looking in the source page but I can't find anything. Somebody help me please, I'm stuck... :( I tried to upload a PHP shell but it says: Unable to find install package

    EDIT: Never mind, I found the way, goodness it was... weird haha... Now I'm stuck on root.txt

  • Can somebody help me? I'm stuck on root.txt. I'm enumerating the user folder but nothing.

  • edited March 2019


  • So I've got the privilege escalation and the user flag, however I can't seem to get the root flag. I found the i*** and the r*** files and think I know the correlation but I can't escalate it.. Also can't find the process running it. I feel like a noob and I know it's probably easy. Can anyone help me? DM please!

  • ROOTED !!

    PM for hints

  • Hi,

    I am trying to get the user. I did nm** and found 2 ports open. On h***, I found some hash words in s*****.t** but I am not sure what to do with this h*** word..
    Am I on the right track?

    Pardon me for the noob question. this is my second box. Thanks.

  • edited March 2019

    I managed to get a shell uploaded and ran nc to get my shell back, but after uploading it, nothing happens. Have I done something wrong? I know my code needs executed in order to return a shell, but I'm not sure how to get this back... Could anyone who has already rooted provide me with a nudge?

    Edit: Stuck on the final stage now... Can't seem to get this i**** file to do what I want... any hints on this?

    Hack The Box | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • I got the shell, but of webuser. Weird backup, I can't make it readable! And it looks like that's the way forward.


  • edited March 2019

    Finally rooted this machine, it was a tricky one tho. Fun it is ... PM for Hints..


  • ppl asking basic questions:

    Use it! Use it wisely!

