Comments
I have the r...s user and M.. user and now I think I have found a login page at 10.10.10.160:xxxxx but I just can't access this page. The 10.10.10.160 website works just fine, but not the login page. Should I be able to access this page?
My first rooted box on HTB ... DM for any help
Ok, got user and root, without m********t..
Some tips & tricks:
Foothold:
Play around and google. There are different(!) ways to get in (don't go for copy&paste exploits.. won't work :P), BUT as everyone is messing like stupid with automated tools (it is more efficient btw to do it manually..) the box is heavily stressed and flipping around.
As soon as you get in, try to automate it. You do not need some kind of vuln frameworks, a simple bash script is enough to get the low priv shell in. I had to repeat the execution of the script sometimes up to 15 minutes (yes, I used delays) until I got in again because ppl were messing with the box. So don't give up ^^
user:
Now you're inside, explore what you get. iterate through all files you can open, abuse them and use some basic Linux commands.
root:
my internet sucks, I wouldn't be able to download bigger frameworks for automation in less than many hours...so back2roots.
Look what you get beside on other ports, get in and play around.
github + chrome/curl was enough to get root.
(now automated with few lines bash)
tldr:
use your brain, frameworks will fail.
"READONLY" and similar messages popping up because ppl try stuff, read the docs for the application to know how to help yourself or wait some minutes until the box had some (soft?) reset on that and is working again. It can be super annoying...I know
Write your findings into a script to have one command to get in, as it's annoying otherwise to execute the same thing over and over again.
Feedback:
It was my first box on HTB and it was quite funny. I learned here and there some stuff, mainly to be patient because many persons here are messing around with the box which lets it sometimes in a weird state for a couple of minutes. This was from time to time really frustrating ^^
But overall, thanks @TheCyberGeek for this box, I really enjoyed it overall
(I tried to keep it vague, but if it is already too much of a spoiler pls lock the post)
Guys, I need some help
I'm stuck with the module load and this stuff, hints please
@outisx said:
wrong exploit..
rooted with m********t . All hints are on this forum.
Can someone nudge me in the right way to enumerate the user so I can use r***s to drop my ssh keys? I just can't find the right directory to drop them in.
Any tips on enumerating users? cannot be certain if it can be done through r****-i or not! I think not, so s needs a user, is cli*** s*****e command (r****-**i command).
I think I'm over complicating things?! Any nudges?
Drop a respect if I helped.
https://www.hackthebox.eu/home/users/profile/138523
@salt said:
r****-**i is the right way
@0xbadbac0n said:
Thanks! will it enumerate users, or should I create the s** user and get it?
Just rooted the box. Honestly if you are not familiar with Rs it can be difficult. That took the longest. Once I got user I got root in about 10 minutes. Hint would be if something does not work how it should, look to see if you can do it another way; once you are in, check your scan results again and see if you can find any more vulnerabilities for root. Thanks to @noi, @Lycist, and @s0clyst for the hints on Rs.
Rooted, fun box.
Need help? Contact me on discord: hecker#7348
Rooted! Feel free to contact me for hints
User & root owned. I would recommend this box to anybody starting out
Rooted, Feel free to ask for hints
Rooted! Good box for newbies. thx @bumika
PM 4 hints.
Also, don't forget about case sensitive...
@salt said:
np, the r**** user should be enough to get a low priv shell
Someone have some tips for initial user enumeration? Getting root is very obvious..
Just rooted 1st box thanks to @Franna and @S0clyst for the nudges. Message for a nudge.
Spoiler Removed
OK - revisiting this system, have user. Working on root, I think I have the correct exploit via CVE and git. However when using it, I get redirected to a Security Warning.
I am using the user's c***** in B*** S****.
I have reset the system about half a dozen times to make sure the configs haven't been changed. But sometimes the r****-c** exploit doesn't work.
Am I on track here? (for root)
I really went about this one backwards; rooted before I got user but I guess I was really focused on the path to root that I kept going?! idk. User just took me to think about how I could use what I already had and then... duh. Anyone else feel it was a lil crowded, or was it just my bad timing?
I thought it was a good box @TheCyberGeek
I finally got an initial foothold after a small hint in this thread tipped me off. And I'm now going after user. But I have to ask, how in the name of all that is good, do you manage to find that directory for that oddball config of **h? Can someone who did it on their own PM me, please and explain the thought process. It would have been dumb luck for me to have found it. Much thanks in advance. Now on to user.
Hours later, got user, and got root. Root was much easier. I liked this box. @TheCyberGeek thanks.
Rooted, PM nudges are welcome.
Check out my blog
Always happy to help! but please consider dropping some respect. ^^
Rooted, I enjoyed this box. There are plenty of hints on here already. Also remember to check the box's profile page via HTB to see what it consists of. The main point that pops out is it is heavily CVE related.
That said, you can PM me via discord for hints.
Discord : secHaq#7121

Thanks for the box. As a n00b, I appreciate the easier boxes, and I thought this one had some nice quirks to keep the obvious exploits from working. Also the password that doesn't work where you think it does was a useful reminder to keep my options open.
What's with the contents of root.txt ?!!!
Hi guys, is anyone able to run "config set dir .." in r**** ? I keep getting permission denied.. not sure what I'm doing wrong here..
rooted, thanks to @donkeysnore for the nudges.