Registry

Comments

  • I got the .crt file. Can someone give me a hint what to do next?

  • edited November 2019

    Go back to initial enumeration. You need to pass through that gate you could not pass at first. Look closely at file permissions, you might need to get other users permissions in order to get root.

    @drdsol92 said:
    Currently stuck at bt user. From the hints provided here, I think I'm supposed to su to w-d*** and exploit r***c somehow? I've even gone through the php files but still can't find anything useful. Would appreciate it if someone could give me a nudge in the right direction ><

    halisha

    --- I reply faster on Telegram @halishasec and [Discord Tavi #6865]
    --- Please specify the machine you're working at when messaging

  • edited November 2019

    [email protected]:~#

    Damn. This box was a blast! My first hard box and the box I enjoyed the most until now.

    Kudos to thek for creating this for us... Also kudos for all the people that brainstormed this puzzle with me: Rb1929, P3tj3v and Rolesa

    halisha

  • Frustrating yet incredibly fun and fulfilling box. I embarrassingly way over-complicated the initial foothold. This box was a pleasure. Thanks @thek!

  • Thanks a lot @thek for this box. I had a lot of fun, really. I was familiar with the first technology used, but the whole root part was new and I felt a really nice sense of accomplishment.

  • If anyone is willing to give me a little help and wouldn't mind messaging me, it would be greatly appreciated.

  • edited November 2019

    Allowing ssh/write to LHOST should never be encouraged. Very poor opsec. Even the flags were wrong. A new low.

    izzie

  • Got user moving into root

  • Really stuck with root :(
    tried anything with r****c, s**p is patched...
    any advice?

  • edited November 2019

    Managed to get user! Kudos to @izzie for the nudge. Now really stuck on root however, after getting the s** b*** shell and b/b/ webapp login, unsure how to get a reverse shell for w**-d***

    Also, is anyone else frequently getting 504 timeouts on the /b/b pages?

    ---edit---
    Rooted! Thanks to @rholas for the tips and @thek for creating the box, much appreciated!

    hackerB31

  • PM for Nuggets

    Hack The Box

  • edited November 2019

    Comment deleted :s

    still trying for root..

  • edited November 2019

    Rooted

    [email protected]:~# id; hostname; whoami
    uid=0(root) gid=0(root) groups=0(root)
    bolt
    root
    [email protected]:~#

    Thanks @rholas

    Root and w-d user fucked my mind

  • Finally rooted!

    User: was a walk in the park, just look around and be curious.

    Root: Real challenge is here lol. Had to hop many hurdles in order to get the root flag.

    P.M for hints friends :)

  • I finally can go to sleep after getting the flag 😴🛌

  • edited November 2019

    Rooted (!) - what a journey. Some steps towards root were frustrating but in the end I really enjoyed this box, learned a lot.

    PM for hints.

    CEH | Red Team

  • Great box! I learned about a very useful backup tool, which I plan on adopting.

  • Amazing machine! @thek I'm impressed by how you could come up with such a machine! A lot of stuff, I learned a lot too! Thank you for coming up with this!

    And a huge thanks to @jrgdiaz who took my head out of the dirt when I was stuck with what should be common things! Now I can get some sleep too!

    Thanks a lot guys!

  • OK, should I be able to access the API via the vhost mentioned in the crt?

  • edited November 2019

    Finally rooted! :D

    Big thanks to @hackerB31 and Ravenforce for the nudges on this one.

    --
    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    [email protected]:~# whoami
    root

    [email protected]:~#


    Some hints:

    USER- If you are having issues with your shell not displaying output once connected, the best tip I can give would be K.I.S.S.

    ROOT - Research the obvious, then DIY

  • Can't get the d***** p*** to work, found the ma*****t and Di**** but still, could someone PM me a hint pls?

    prutz

  • edited November 2019

    I rooted this yesterday after several hours. I have no idea if I did this the intended way. I leveraged the command found in b*****.**p after searching through documentation for hours. Anyone who has rooted it also mind sharing with me how they did it? From what I'm reading here, I don't think the approach I took to get there is what others did.

    Edit: Yeah, I definitely didn't do this box the way that most people are, I overthought it. Still got root though, so 🤷‍♂️. If you want to solve it the way that I did, when looking at the command you can run, read into all the different types of targets you can be saving to, and then explore whether any of those options have a way to manipulate what gets run.

    Hit me up on HTB Discord if you want, @agreenbhm#8525

  • [email protected]:~# hostname
    bolt
    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    [email protected]:~# 
    

    finally rooted!
    i will be open to giving help to everybody because this box is hard af!
    my discord is Celesian#0558

    profile: https://www.hackthebox.eu/home/users/profile/114435
    discord: Celesian#0558

  • Finally rooted. The user part was quite easy, but the root was just frustrating. This is the first hard box for me; it took time for me to finish it, but I tried to do it by myself as much as possible.

    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    [email protected]:~#

    N3v3r Giv3Up, 3v3ry th!ng !s p0ss!ble .

  • This was a fun box. If anyone needs a nudge PM me.

  • ROOTED !!!
    Great box, learnt a lot !
    Everyone writing enumeration is the key is absolutely right, after fetching d****r files, getting the user is all about your enumeration skills.

    PM me for any help

  • @drdsol92 said:
    Currently stuck at bt user. From the hints provided here, I think I'm supposed to su to w-d*** and exploit r***c somehow? I've even gone through the php files but still can't find anything useful. Would appreciate it if someone could give me a nudge in the right direction ><

    You have to find a way to become w**-d**** and get your way with r****c to BACKUP all the essential files

  • edited November 2019

    I am stuck on the second user. I cracked the hash and logged in to the web app, but uploading a shell doesn't work. When I want to change the extension, it shows 404 not found. Any help?

    edit:
    no need to change extension :)

  • edited November 2019

    User! Thanks to my mentor, he knows who he is. I'm finding this box frustrating but not difficult. I'm not familiar with d****r so I had to read the docs and read the docs and read the docs; that and enumeration is all you'll need to get to user, it's that simple. Now on to root, gl all
