Irked

1246729

Comments

  • Been stuck on privesc to root since yesterday. Anyone who wouldnt mind giving me a nudge to what to look for more specificly?

  • I wish the box creator didn't log hackers actions. I rooted the box before getting user because the steps were logged in an obvious file... I always give a reset before i try a new box, but i guess someone was faster then me and spoiled the box. :angry:

  • i found my way in but i didnt find the way to open the user.txt from the dj. I check linenum since hours. a hint would be helpfull

    SekIsBack

  • blkblk
    edited November 2018

    Just owned the machine. User was pretty straightforward with a little 'CTF challenge'. I found root to be a bit harder. After speaking to someone else about it, I found there was a much easier way than mine though.

    For anyone still stuck: as someone said before 'knock on all the doors'. When you can't get to the user.txt, look closely at the files you're presented.

  • any hints ? :/

  • Got Low Shell

  • Anyone asking for privesc hints this late in the thread simply isn't trying at all nor are they reading any posts that have incredible hints in them.

    At this point you have to ask yourself: why are you doing this if you refuse to even attempt to figure it out on your own?

  • hmm well the irc is working :)

  • @Legohund said:
    hmm well the irc is working :)

    Yep :)

  • @nawaronin said:
    @Skunkfoot I meant the output of the system enumeration, that I didn't read carefully. I was expecting something that will stick out with a crazy name. Instead, I was looking at that file like 3 times, and dismissed it like "nah, that's not it, that's probably some htb process". Oh boy, how was I wrong.

    Ah yeah I did the exact same thing haha.

    @Phrenesis2k said:
    I always give a reset before i try a new box, but i guess someone was faster then me and spoiled the box. :angry:

    This should be standard practice by everyone, if not an outright rule or something. I always reset a box when I finish it. (Although to be fair, on a free server with a new, easier box like this, there would be constant resets and people would be pissed).

    @rbit said:
    Just owned the machine. User was pretty straightforward with a little 'CTF challenge'. I found root to be a bit harder. After speaking to someone else about it, I found there was a much easier way than mine though.

    For anyone still stuck: as someone said before 'knock on all the doors'. When you can't get to the user.txt, look closely at the files you're presented.

    That knock statement threw me off for a bit. I started looking into port knocking and all sorts of crazy stuff. Obviously I was way overthinking things.

    --Skunkfoot

  • @Skunkfoot said:

    That knock statement threw me off for a bit. I started looking into port knocking and all sorts of crazy stuff. Obviously I was way overthinking things.

    Knock knock!

    Hack The Box

  • Got Root before getting user.txt
    can someone tell me in PM how you decrypt this .ba**** file :open_mouth:

  • @rzouzou go back to the main webpage

    CKasper

  • Can you give me some hint for get user :(

  • for reverse shell do we need to have any port forwarding. I m able to root using msf but unable to get reverse shell using manual method.

  • I don't know why, but the .b******** file is still tripping me up. Lost on where to use it.

  • for anyone stuck with .b*****
    read the file again
    it tells you what do you need to do

  • edited November 2018

    @SHANK00APPU said:
    for reverse shell do we need to have any port forwarding. I m able to root using msf but unable to get reverse shell using manual method.

    read that
    edit: i send you in PM

    peek

  • SOmeone who get a reverse shell without msfconsole, please PM me!!!

  • Guys, this is a simple machine. That doesn't necessarily mean it's easy, because experience levels vary and you may have never come across this particular vulnerability before, so it may not be obvious to you. But, it is simple in the sense that there just isn't a lot going on, so there aren't very many questions you could really even ask.

    All the hints you need, all the answers to your questions, are in this thread. If you have a question, read through this thread and I bet you'll find an answer. :)

    --Skunkfoot

  • Rooted.
    Fell free to send me a message if you are stuck.

  • Hey, so I just joined HTB a couple of days ago, and based off community ratings, this seems like it's supposed to be an easy box. Maybe it's just that I personally have basically zero experience with CTF-type challenges, but I just can't seem to get anywhere. I'm seeing a lot of hints about what to do once you have a reverse shell, but I can't even get that far. I admit it is quite possible that HackTheBox is just currently above my skill level, but if that's the case, where might I go to get more beginner experience?

  • @TheMightyQuinn said:
    Hey, so I just joined HTB a couple of days ago, and based off community ratings, this seems like it's supposed to be an easy box. Maybe it's just that I personally have basically zero experience with CTF-type challenges, but I just can't seem to get anywhere. I'm seeing a lot of hints about what to do once you have a reverse shell, but I can't even get that far. I admit it is quite possible that HackTheBox is just currently above my skill level, but if that's the case, where might I go to get more beginner experience?

    Honestly, VIP on here is really good because you get to practice on the retired boxes and they have writeups, you can follow along and get an idea of the methodology used.

    Watch IppSec on youtube and of course google the gaps in your knowledge.

  • edited November 2018

    Any hint on .b*** file? Im starring on it for hours now and have no clue what to do with it.

    NVM got it xD

    xeto

  • @xeto said:
    Any hint on .b*** file? Im starring on it for hours now and have no clue what to do with it.

    Look above - the first line is such a massive hint. Dont overlook what you first saw

    ZaphodBB

  • @xeto said:
    Any hint on .b*** file? Im starring on it for hours now and have no clue what to do with it.

    NVM got it xD

    This is 500% ctf-style :-D

  • edited November 2018

    Hey guys, I may need some help. After the main page, I saw the i** port open, even connected to it (I never really used this kind of chat). Searched for exploit related and found. But when I try to use it on our well know msf, it doesn't open me a session ... Am I on the right track ? Or I should look elsewhere ? (of course I double checked the options I set)

  • got stuck on steg . hee hee.

  • This was a fun ass box :). Got root, learned a few new things!

    b1gbroth3r

  • edited November 2018

    I cant get that CVE to catch either, i keep hearing steg but no pw even though somethings definately there, ive fuzzed too and its clean mostly. Ive looked for every CVE, Even wrote a few scripts that should have worked. i think im over thinking this one. I also spent hours trying to exploit the R** services to no avail.

    (edit: ok i found the box was just always messed up, the timing was an issue i think. did the same thing i tried 100x before and it worked, and i did get it working without MSF for those asking)

Sign In to comment.