Irked


  • @timmy5 said:
    I wanted to do it without msf, it was a custom payload and not a single thing worked no matter what I made it do. I found for those that have had issues with non msf exploitation (it seems like most have) it has to do with specific timing of when you send the payload which isn't actually clear at all when you look into what msf is actually doing and the CVEs don't mention it either.

    Just a note for those who want to do it the old-fashioned way.

    I personally avoid using MSF if I can, looked up the CVE and did it manually as per an article that explained how it's done. Ran it a few times actually and worked every time, I'm on VIP so maybe it's a bit more stable there

  • @TheMightyQuinn said:
    Hey, so I just joined HTB a couple of days ago, and based off community ratings, this seems like it's supposed to be an easy box. Maybe it's just that I personally have basically zero experience with CTF-type challenges, but I just can't seem to get anywhere. I'm seeing a lot of hints about what to do once you have a reverse shell, but I can't even get that far. I admit it is quite possible that HackTheBox is just currently above my skill level, but if that's the case, where might I go to get more beginner experience?

    I'm in the same situation.
    I scanned ports and found out i** and u*** (both udp) open but I have no clue of what to do, spent all day googling around exploits and nothing... Can someone send me a hint? I've tried spawning a reverse shell with netcat on those ports but 0 progress

  • @vitorfhc said:
    Can I have a hint on root? I am pretty new to this. Also I don't want spoilers, just hints, I tried a lot of priv esc techniques from https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ but maybe I let something pass...

    Whilst enumerating you will find something that doesn't belong - you won't find this on a clean / standard linux install

    ZaphodBB

  • nc should work for the CVE, keep trying different times and more importantly different payloads.

    Also my hint for root, when you find it you won't expect it, or at least I didn't, lucky guess for me after reading what was going on with the system.

  • Is it easier than what I'm thinking? PrivEsc... perm-ing my hair out

  • Yeah, enumerated with LinEnum, read the output some times and tried some things that caught my attention. Nothing worked. I am overthinking or something like that.

  • I need help for priv esc. Can somebody help? PM pls

  • Rooted ...... Thanks to @ZaphodBB & @Sigilli . As they said it ..... all the hints given are enough !! but if you need any help PM me \n/ :)

  • edited November 2018

    For the record linenum didn't help me, it added so much additional info it masked the simple thing you should be finding in regards to privesc. Basically if you are going down a rabbit hole of any depth, you are taking the wrong path.

    To me though, this was 10x harder than jerry, I had an easier time with carrier, waldo, access, etc... jerry didn't have privesc and the goals were more clear.

  • Rooted. Cool box. Back to the basics.

    Priv esc requires a basic enumeration script and some reading. Go slow through your output. I rushed until one of you was like "SLOW DOWN". If you're familiar with linux binaries, you will see it. If you're not familiar, pull up what right looks like so it sticks out.

    "ClickmedotEXE"
    CISSP | OSCP
    arodtube

  • PTDPTD
    edited November 2018

    @timmy5 said:
    For the record linenum didn't help me, it added so much additional info it masked the simple thing you should be finding in regards to privesc. Basically if you are going down a rabbit hole of any depth, you are taking the wrong path.

    To me though, this was 10x harder than jerry, I had an easier time with carrier, waldo, access, etc... jerry didn't have privesc and the goals were more clear.

    As a matter of interest how did you find Carrier easier than this?

    This box was easy because in every step the hints are there slapping you in the face. All you need to do is basic enumeration which you should know before attempting any box

    ZaphodBB

  • First off - I think the "easy / hard" discussion is entirely subjective. If the person creating the box has created a path you'd think of, the box is easy. If it isn't, the box is hard. (I actually found Jerry quite hard at first.)

    Secondly, if you are stuck on this box, don't get frustrated just because other people say "easy, I pwnd it in 20 minutes." Read through ALL the pages on this discussion and make sure you understand the hints. The path to completion is pretty much laid out (even when the obvious spoilers have been removed).

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Rooted. Thanks @TazWake for confirming I wasn't crazy. PM if anybody needs help and I can provide some non-spoiler hints :)

  • Rooted. It took me a long time. Despite the hints I followed many rabbit holes.

    Deleite

  • Guys, reset the box when you finish it. This should almost be a rule, especially for free servers.

    People are getting in, finding the file, running it, and automatically getting a root shell, and they think they've completed it. The whole point of this is to learn about these vulnerabilities and how they work.

    --Skunkfoot

  • Hello guys, I have a problem with the b***** file, I have no idea what to do!!
    Thank you to all

  • @cipster86 said:
    Hello guys, I have a problem with the b***** file, I have no idea what to do!!
    Thank you to all

    Read the message - it tells you all you need to know

    ZaphodBB

  • edited November 2018

    ~I'm connected to a vip lab and it's blocking my pings and showing all ports filtered when scanned, but I can access the main page? Is this normal? I've never seen it do this on the free lab~ nvm I'm having this same problem with other machines so it must be something on my end

  • This is a very stupid way to get root.txt, imo. I am a Linux guy and had to come here to get clues on how to obtain root.txt. Once I realized what everyone was talking about, I quickly made a one-liner that funnels directly to the necessary file.

    I'm willing to help if someone has questions. Let me know what you've tried first.

  • Not seeing the priv esc through usual post exploit enum - can someone pm me a hint?

  • Can someone PM me a hint for root.txt? I think I found something interesting but I'm not sure if I'm on the right track.

  • For root, standard linux enumeration can find you an interesting binary file

  • Rooted. If you're stuck, PM me.
    I think the priv part is easy, but I lost a lot of time on the user part.

  • Having some issues after reading through this discussion but I'm getting closer. I finally got a low level shell. I can see where the user.txt file is but none of my commands work to view it. I need to escalate privileges but I'm at a loss. Any hints or reading anyone can suggest? I'm afraid I might be trying to tackle this the wrong way.
    I got Jerry pretty quickly but this one is killing me. I'm new to this as well.

  • Rooted now, thanks for the help.

  • edited November 2018

    Alright I got user. Any tips on where to start with root?

  • I finished the root flag, thanks to everyone who helped me with the tips!

  • I'm having a bit of trouble with the privilege escalation part. It feels like I'm on the right track and found something but I feel like I'm missing something. Could someone pm to know I'm on the right track? Any help would be appreciated :)

  • For those who still struggle with this machine, the tip that helped me was to check for an unusual binary file.

    I couldn't find a way to get user so I went straight to root. I didn't find this machine as easy as some say because I am not so used to this kind of file for priv esc

  • I have a problem with the root.
    Could anybody help me? I'm looking for a suggestion on what to watch..
