Scavenger

13567

Comments

  • Type your comment> @Tohzzicklao said:

    @farbs said:
    Staring this stupid insect in the eyes right now... I'm in, but need some clarity. Any nudges?

    The stupid insect's eyes hide a valued secret at plain sight (you could think it's from someone else). And it's willing to share it with you without knowing who you are.

    I hope this is not spoiler lol.

    Stucked here too atm, I am in the guts of the insect but because its a 'young' insect, found no public weaknesses.
    Appart from a few internal paths, did not find anything interesting :(

  • Finally rooted !

    Really challenging box, thanks to the author for creating this box and to @Seepckoa (merci mec !) and @julianjm for the help :).

    I'd be happy to help if needed, don't hesitate to DM

  • Type your comment> @Greenou said:

    Type your comment> @Tohzzicklao said:

    @farbs said:
    Staring this stupid insect in the eyes right now... I'm in, but need some clarity. Any nudges?

    The stupid insect's eyes hide a valued secret at plain sight (you could think it's from someone else). And it's willing to share it with you without knowing who you are.

    I hope this is not spoiler lol.

    Stucked here too atm, I am in the guts of the insect but because its a 'young' insect, found no public weaknesses.
    Appart from a few internal paths, did not find anything interesting :(

    Maybe you'll need to try bigger dicts to find it. No need to get into the guts of the insect. And read carefully my words between brackets xD

    Tohzzicklao

  • Type your comment> @Tohzzicklao said:

    Type your comment> @Greenou said:

    Type your comment> @Tohzzicklao said:

    @farbs said:
    Staring this stupid insect in the eyes right now... I'm in, but need some clarity. Any nudges?

    The stupid insect's eyes hide a valued secret at plain sight (you could think it's from someone else). And it's willing to share it with you without knowing who you are.

    I hope this is not spoiler lol.

    Stucked here too atm, I am in the guts of the insect but because its a 'young' insect, found no public weaknesses.
    Appart from a few internal paths, did not find anything interesting :(

    Maybe you'll need to try bigger dicts to find it. No need to get into the guts of the insect. And read carefully my words between brackets xD

    God damnit. That's what I get for running my wordlist through a proxy.
    Thanks for the hint, not user yet but I guess I'm pretty close !

  • Rooted. This box is underrated IMO. Can see that a lot of thought went into putting it together and it's creative. thanks @ompamo

    Hints for user: after the initial entry point, you'll be enumerating a lot. By enumerating I mean searching for stuff using methods you probably already know. there are quite a few rabbit holes you can go down and I probably went down them all. this is more of a test of your process and methodology than anything else. And don't bother with the slow thing, made my VM unusable. fortunately you don't need it for anything. in fact a proper shell is not required for anything on this box.

    Hints for root: here google will help you out. much more direct than getting user. but google alone won't get the job done.

    PM for hints.

  • edited August 2019

    Got root after a long time, I missed a small thing but I finally did it. PM for hints if you are stuck!

    Tohzzicklao

  • Finally got user. Big thanks to @ciscopass.

    Now on my way to root. Hints are appreciated.

    Hack The Box

  • Stuck on user, exploited the w***s and have some infos, enumerated and found some rabbit holes. not sure what to do next, need help!

  • edited August 2019

    stuck on the last stage of root - i can't quite get the formatting of the string right, any pointers?

    EDIT: rooted, cheers to @Tohzzicklao and @beorn for the nudge

    feel free to PM me for hints

  • edited August 2019

    man this box make me nervous , i stuck on the root for almost 2 days ,i can't find a way to escalate from ib*01 , and there is no way to get a real shell , is that r.c on **ap file the way or it's a rabbit hole ??

  • Type your comment> @wail99 said:

    man this box make me nervous , i stuck on the root for almost 2 days ,i can't find a way to escalate from ib*01 , and there is no way to get a real shell , is that r.c on **ap file the way or it's a rabbit hole ??

    the **ap part is not a rabbit hole as it got me the user flag (and you don't need the slow thing)

  • Type your comment> @Greenou said:
    i got the user.txt , but still stuck on the root part , i can't get a real shell even with the user ib*01 , any idea??

  • @wail99
    A real shell isn't necessary to root this box

    you should have access to all the info you need to root right now, just gotta put the pieces together

  • Type your comment> @donkey said:

    @wail99
    A real shell isn't necessary to root this box

    you should have access to all the info you need to root right now, just gotta put the pieces together

    I'm at the same step and found a very specific file, sounds like im on track but that methods requires me to have a TTY; which I dont have... I am in a dead end? :(

  • Type your comment> @Greenou said:

    Type your comment> @donkey said:

    @wail99
    A real shell isn't necessary to root this box

    you should have access to all the info you need to root right now, just gotta put the pieces together

    I'm at the same step and found a very specific file, sounds like im on track but that methods requires me to have a TTY; which I dont have... I am in a dead end? :(

    Are you sure you need TTY ;) ?

  • edited August 2019

    Type your comment> @beorn said:
    and how the hell i run a local privs exp*, i don't get it , can you give a nudge??

  • edited August 2019

    I found a user, my way to root
    User hint:
    Enumerate everything that you found, do not forget about UDP.
    User flag hidden very deep
    thanks for the tips
    This machine has a lot of rabbit holes

  • edited August 2019

    finally rooted!!
    thanks @ompamo for creating this challenging machine.
    thanks @beorn @donkey for giving me some nudges
    feel free to PM me for hints

  • Rooted it was a crazy box with many rabbit holes

  • need hints for the following steps, I got the s****.**p to work, then too much rabbit holes. and can't get anything useful

  • Finally got Root! Anyone willing to share their notes? this one was frustrating and all over the place.

  • I've done the first s**i and now there are so many places to look at that I'm not quite sure where to start (well I've started in the sense that I've tried to enumerate what I can). I would very much appreciate a small hint on where to focus as I feel that this is going to take forever otherwise. Thanks!
  • Went through all the enum as far as the s***l> @Tohzzicklao said:

    Type your comment> @Greenou said:

    Type your comment> @Tohzzicklao said:

    @farbs said:
    Staring this stupid insect in the eyes right now... I'm in, but need some clarity. Any nudges?

    The stupid insect's eyes hide a valued secret at plain sight (you could think it's from someone else). And it's willing to share it with you without knowing who you are.

    I hope this is not spoiler lol.

    Stucked here too atm, I am in the guts of the insect but because its a 'young' insect, found no public weaknesses.
    Appart from a few internal paths, did not find anything interesting :(

    Maybe you'll need to try bigger dicts to find it. No need to get into the guts of the insect. And read carefully my words between brackets xD

    I went through all of that, been using what I found there and even got some creds, used it to dump some more data.. but I'm really lost now, any hint ?

  • is pw***s a rabbit hole? i got admin creds, but is toooooo slow. help pls :(

  • Agh, anyone knows why that page goes so slowly, is it a rabbit hole? Should I look another place?

  • @scentlxss said:
    Agh, anyone knows why that page goes so slowly, is it a rabbit hole? Should I look another place?

    😭😭😭😭😭😭

  • if there is anyone willing to DM to discuss what I think the approach to user is? I have the "hidden" sites and RCE

  • edited September 2019

    Rooted. God, this box was full of rabbit holes. Went down them ALL. Did anyone get a proper TTY shell by the way?

    Hint for root: don't be dumb. find that "something" and... dump.

  • Spoiler Removed

  • edited September 2019

    Made it inside the insect... found s*l.p but returned nothing... is this the right path?

    phase

Sign In to comment.