• edited May 2019

    If you're getting "successfull.y" and not seeing the fruits of your labor, double check your post and make sure you didn't make a typo or leave out something. This was my mistake, basically a typo/malformed request that cost me way too much time to figure out.

    Also, the advice people gave about copying/comparing to other p****** was very valuable.

  • Would someone be able to PM me for hints on user please? Pretty stuck on this one, I think I know what to do, but not sure how.


  • Feel kinda lost on getting root after nailing user, if some hero could point me in the right direction via a resource to read or a hint would be greatly appreciated. Feel free to PM

  • Someone could please help with root? I did everything i found in a tutorial but i dont know if i am doing it wrong or i dont know. I know what to exploit, how to exploit but i cant do it.

  • Hey, could someone PM me a hint for the S**T part ? I tried every command but nothing succeeds ...

  • I have that local high port reachable from my box ... get everything 403 Forbidden, what am i missing ? I know to where i have to go, have the credentials also, but that 403 ... help ? :P


  • edited May 2019

    Awesome machine, had a lot of fun even tho I felt frustrated sometimes. Thanks to @ZerkerEOD @kr0gh @xdaem00n and @r4w47 for the tips. I want to share some tips so people don't struggle as much as I did :
    1. The website gives you creds so log into the secure service
    2. Once you're there ask for help so you know what you can do. Don't focus only on this service since the secure service interacts directly with the web service (Don't forget your punctuation ;) )
    3. Retrieve interesting files, specially one with a strange extension
    3. Tunnel time (There are a lot of resources out there about this topic)
    4. Log in and read the code of all the files. Inspect the grayed out element and make some changes, upload your file and get a shell.
    5. Root time. This is the hardest part yet the best. You'll see that you can run some commands as privileged user. Google it and don't overthink it.
    Have fun (If you think this post has spoilers feel free to report it)
    Hack The Box

  • Yes, it was long and hard trip for root.
    I did not make the last step correctly and checked up for many hours my environment.
    Read a lot about Linux repo structure and files, a lot of theory and details.

    I would prefer not to learn of course so deep but you do not know which small step is necessary to pass the challenge. And I praise myself that I did the last small step by myself.

    And many thanks and big respect to all hackers on the forum for all hints and recommendations.
    And hats off to those pioneers who could pass this box on the first try.


  • Can someone please help me getting user? PM me

  • Can somebody give me a hand with the a-g up**** vector?

    I've got everything setup, it looks like the right files are being retreived but the command does not exit without errors.

  • a-g up**** starts asking me questions if I try to pass -o, and it seems to ignore A**_*****G despite what the documentation claims. I know what needs doing, just shaving yaks at this point, PM me if you're feeling generous and want to drop me a hint.

  • Can't login through s**p service using the creds machine gave me(working yesterday)... Someone changed passwords and username?

  • I am completely lost on this one! I have SFTP access... i can "proxy commands" using a SFTP flag but i can't figure out how to tunnel correctly since i can't get direct ssh connection!

    I've even tried a tool i've used before, ch**el which helps with tunneling, and i was able to get it working, the client connects to my server but still cannot access the high port :-/

    Could someone PM? I am really lost a the moment :-(


  • edited May 2019

    I have finally rooted it. What a box, epic, terrible, painfull, long, wonderfull... Thank to @bullsonparade , @m4xp0wer, @sv1 for their valuable hints and support.


  • Looking for a nudge on a**-g** vector. Also, I think I blew by user flag =/
    I'm working with the shell after plugin upload. Any help would be greatly appreciated.


  • PS: i linked /etcTill now i have the SFTP creds, and i am able to upload files and view it in the browser. Also I have tried linking a few files and accessing it. Succeded. But now i am kinda lost. I don't know what EXACTLY i should do./passwd to see the list of all users.

  • any nudge?

  • and here i came across something unusual. it seems that you just can't include /etc/ p a s s w d in comments

  • remove spaces in passwd

  • that was funny, lol. however any hint from here on?

  • can someone pm me some hints on root part?

  • Can I get some help on uploading the P*P shell via the admin page? Maybe I'm overlooking something I should know, but I just can't figure it out.

  • Stuck on the final step, aka root via ***-******. Please DM me with details, feel like I am just banging my head against the wall and thinking just the syntax is the problem

  • edited May 2019

    Got user and currently sitting at upload stage. Not really sure about next move. It's nudge nudge time..

  • i got my rev shell last night, lost it, got it back this morning. NOW i am stuck at enumerating stuff. Can't wget. Any nudge?

  • Good box. All hints in this thread. Read it and think.

  • edited May 2019

    Got user! That was a ride, never exploited a box like this before :)

  • Type your comment> @jaras said:

    Type your comment> @virtualgoth said:

    OK, I think I need some more help here... SFTP really seems to be a dead-end. I've looked at all the commands and none of them seem useful to me I've looked at all the commands with help, tried ridiculous stuff and nothing is working. I've tried tunneling to the high port and SSH tells me to bugger off. I don't need the whole Scooby-Doo rundown but I'm struggling here peeps. Any other suggestions?

    SFTP is not a dead end. Think about how Apache may interpret some information differently than the SFTP environment. SSH tunneling does not require terminal connection, if you pass the correct option to it.

    for those struggling with sftp. Any hint after that is a spoiler

  • I have tunneled correctly but keep getting forbidden on everything. Can someone dm me a hint?

  • Spoiler Removed

Sign In to comment.