• I got user, but I'm struggling to get root. If anyone can PM me with some hint it would be very much appreciated :smile:

  • edited September 2019

    Hey! Someone could help me with the error that is not possible to link in root? I am not in /tmp .

    Edit: Got it

  • rooted
    pm me for hints :)

  • This was a genuinely great box. Happy to help if anyone is stuck.

  • Forgot to ask this before... For those who've already gotten past the initial foothold: Did you do it manually or with a tool? I initially used a tool but went back to do it manually and could only do so much. Keen to improve my skillz on the manual leveraging of this vector so would be interested to know what approaches were taken for manual exploitation.

  • great box, learned a lot

  • [email protected]:/root# id
    uid=0(root) gid=0(root) groups=0(root)

    Awesome box! my first medium root, thoroughly enjoyed and learned a lot!

  • I am having a hard time with root. could anyone give me a hint toward a direction?
  • Rooted, feel free to PM. Learned new things.

    Thanks for everybody helped me. :)

  • great machine send me pm if you stuck

  • Finally rooted, Awesome and fun box, fell free to pm if stuck (if pm write your current situation ;) )

  • edited September 2019

    Stuck at root
    I think I found the right way, but I can't figure out how to exploit it yet
    Can someone help me with a hint?
    Edit: rooted, really nice box

  • edited September 2019

    OMG w.....a privesc is a pain in the ass!

  • edited September 2019

    Can anyone give me a hand finding directory for the first foothold?

  • I need some advice to escalate from w****a to p****r. I know how to abuse the exploit to have a reverse shell but with no priv esc... Can anyone PM, please?

  • edited September 2019

    Ok so for initial foothold ive enum'd 3 different tools to reveal the creds for /ph******n and i know theyre the right ones, but for some reason its spittin error that it doesnt exist or cant retrieve the page?? wtf am i doing wrong? Ncr** and Hyd** are running for 24hrs with no end in sight..feelin pretty frustrated

    Let me note that i am running an older system AMD PHENOM II, so cred cracks take alot longer than usual but with a flag set to end when 1 is obtained and its been running for a whole day seems highly unusual

    The M*****t exploit is the LFI-RCE which i know is the right one because it lines up with ph*******n version

  • Anyone can help me with the sy******l exploit? Can't find out the service needed?
    Thanks in advance.

  • Funny, there are so many users pounding on JARVIS that it is almost impossible to not step on each others feet. In my first attempt my enumeration found several exploit helpers left over by others, I got initial foothold and user with ease. I thought that this was all too odd and not fitting any hints given here. Indeed, when I tried later (presumably after several resets) all of that was gone. Nonetheless, I figured it out. So I did this box twice... Interesting challenge, though. Many facepalms. Reminds me what one of my professors in CS theory said when he presented a tricky proof (he was not a native speaker): proof is easy but very difficult...

    Hack The Box

  • got user, thanks to @phillarby for keeping me on the right track, now onto root root

  • im on root, and im trying my hardest to figure out sy*****tl using the enable flag by calling my script keeps spitting "no file or directory found" which is strange cuz im running it in the same directory thats housing it..lol i know im doing something wrong but i cant figure for the life of me what it is..and its so frustrating cuz im sooo close..a gentle poke might help :)

  • I've been busy for many hours trying to figure out the foothold. I've tried 3 different tools. Checked out the rooms, pictures, LFI and bruteforce p********n. Could someone perhaps nudge me in the right direction, please?

  • stuck in the same spot, not sure how to proceed. have p********n but cant figure out where to go from here. thanks

  • edited September 2019

    still stuck on root sy******l i created the .se***** file and try to enable with proper flags, but it keeps spittin "Failed to enable" not found, im not too privy and im reading up as much as i can, i hope this doesnt spoil.. but if anyone is up to discussing ideas or other tactics please pm me :)

  • Woohoo!! got user and root in one day after banging my head against a brick wall for a couple of weeks. Need to think outside of the box and one database related comment was what through the brick wall. All hints needed to root this box are already in the forums. if you are really stuck then re-read the forum again and again until something clicks. Oh, google is also a great help. Added another couple of sites to my bookmarks.

  • edited September 2019

    Okay, I've been banging my head against the wall on Root for a few days now. I've seen a few posts on needing to get a more stable shell to properly interface with sys*****l, (s) - which prompts me for a pw. Can anyone point me towards information on how to either 1) reset the user account password without knowing the password to begin with, 2) setup the more stable shell (s) for an account without having to know the current password, or 3) obtain the current password for the user account? Without doing this step, I'm stuck at various sys*****l errors trying to get a ser**** to run.

  • I'm trying to create a service, but when I try to start it from the location where I can write, it throws an error saying no such file found. Badly stuck on the root priv esc part.

  • Hi guys ! Can someone please give a nudge on getting root . I got the user but dont know how to get root.
    Any help pls :)

  • this box is a pain in the fucking ass. keep getting banned for trying out different enumeration services. need a nudge / hint bad, close to giving up on this...

  • Struggling with root. How are you able to edit sy******l ? - Getting error opening terminal: unknown and editor failed with error code 1. Please DM me.

  • Hi guys can someone pls give me a hint on getting user. I discover the admin panel and tried brute force it. No success. Any hint pls

Sign In to comment.