Comments
Hi
On the Irked box I have done the user part.
On the priv esca part I found the v*****r file,
and it is looking for the /tmp/u*******s file, but I don't know what to put inside that file.
Please PM me any hint or ref to some blog post!
thanks
Couldn't figure out the user puzzle. Apparently the answer is right in front of me but I don't do a lot of CTF so I just owned root instead. Would like someone to PM me the answer to user now that I'm done. Root definitely requires you to enumerate and scrutinize innocuous-looking binaries.
Thanks for the hints, everyone. Here's mine: This privesc can get a bit sticky but it's not difficult to exploit so don't bash your head against the wall.
I'm completely stuck. I know I'm 100% overthinking this but I can't seem to figure out the next direction. I found the initial foothold very easily. But now not only does the b***** file not make sense to me (I know what it references but everything I tried doesn't work), I also took a look around for the potential root vector but I'm not seeing any strange binary file. I guess I'm just overlooking it? Can someone DM me with no-spoiler hints?
EDIT: I was absolutely overthinking. The b***** file is incredibly simple. Think back to your stego challenges and the tools you've used. The privesc was simple as well. What helped me was looking at the binary files in comparison to my attacking machine and comparing the two. Shoutout to @ZaphodBB and @natanrigailo for helping to shift my stuck mindset and give me the nudge I needed.
Thank you @ZaphodBB for all!!
Got both user.txt and root.txt... I went straight to root though.
Anyone want to guide me on the user priv? I can help with getting root.
Got user as well now via steg. PM me if you need assistance for user or root.
Thanks guys, rooted the box.
The best 'hint' is
Something is not ON the page, something is IN (after you find file)
Good game. well played!

I'm stuck on Steg part of the .b****** could use some help!
> I'm stuck on Steg part of the .b****** could use some help!
YouTube, many tutorials about it.
Managed to find p*.t
What kind of hash is that? Couldn't manage to find how to crack it.
The root is pretty easy. But how did you guys decode the user file? Can somebody PM me? Thanks
I'm a brave warrior of the sea and I have 8000 followers!
PM me!
Can someone help me out with the beginning foothold? I think I'm looking at the right thing but I'm not sure.
Like so many hints in this section......the way to find root is by looking for a file that's normally not there. Think about what kind of file has the power (permission) to alter things that normally are restricted/protected? For the people who didn't find it in the enumeration scripts.....look closer.
Also for the ones that are asking help with "I found file x******z and don't know what to do with it".......it's a dead give-away. With the right find command you still give the answer, which can count as a spoiler.
I'm still on limited user.
Wtf! is this a SNES International Super Start Soccer cheat! OMG! I love this game hahaha
Rooted. PM me if you're stuck, but really all the hints are in this thread.
Rooted. Looks very simple when you do it! Thank you @mrcopy and others for the help!
Been looking at this for a while now. I've found an interesting file that requires a closer look, which contains a common little code as well as what I assume is a hint. Only issue is I can't find anything where that code is relevant!
I took a few months off from HTB, and either I got really rusty, or I'm missing something obvious. I have the initial shell, and I can see user.txt, but can't read it... whatever I'm missing has to be painfully obvious but I have spent about 2 hours and can't seem to figure it out.
Perhaps the size of the text file and the size of that directory aren't the same?
Finally got the root flag.
IDK if I did it the right way. Can someone explain it to me in a PM?
Usered & Rooted. Thanks for the pointers in this thread, folks. Happy to provide small tips to others via PM.
PM me
> @vitorfhc said:
> PM me if you are stuck on root, maybe I can help..
Leaning From Cracking......
Try going back to basics. Think to yourself, what can the string inside this 'pass.txt' file do? Can it be used to do something that may lead you to reading or accessing user.txt?
Good luck.
I have a low-access shell, but I can't move forward. I found the user.txt and .b**** files, but I can't use them properly. Please give me a hint: are those files necessary to go forward?
Guys.. that is almost a spoiler

Seems to me like something changed since yesterday. Port enumeration gives me completely different results...
EDIT: Someone just messed with the services, nvm.
Well that was fun lmfaooo
Howdy Folks! This is my first attempted box. I got my low priv shell and would appreciate a hint or two for root and user if anyone is feeling generous!
Thanks!