Traverxec

191012141545

Comments

  • Epic box :^)

     / __| | | | '_ ` _ \ 
    | (__| |_| | | | | | |
     \___|\__,_|_| |_| |_|
    

    Hack The Box

  • Thanks @w4x for nudges

    [email protected]:# id
    uid=0(root) gid=0(root) groups=0(root)

  • edited November 2019

    Was anyone able to get a shell on the box without using the common tool for automating things like this? send me a message if you have a way please.

    Edit: Please ignore. I am an idiot and never thought to read the source code in this tool.

  • Rooted! PM me for hints :)

  • Rooted very nice box :D

    amra13579l

  • Root was just "Wow!"

  • That final mental leap to get root was really, really cute. Maybe think outside the terminal box to get this one if you're struggling ;). Nice work, jkr.

  • Finallly got root . Thank you @rholas for help.

    pleas PM if need any hints

  • ¡Rooted! I can say that I learned interesting things with this machine. My advice and hint are.
    User: Always check the configuration files and read the permissions carefully.
    Root: gtfo bins is the key, nothing more and nothing LESS.

    This thread can help: https://www.reddit.com/r/hackthebox/comments/dy8t4j/traverxec_help/

  • edited November 2019

    There's someone massively spamming the box with broadcast messages. Can anyone help?

    EDIT: Rooted. That was nice :) PM for nudges.

  • got user password cracked.... but its not working when i ssh?!!

  • Someone please help with the hash , can't crack it with john or hashcat and i believe i have to convert the hash to john format but don't know how.

  • Spoiler Removed

  • edited November 2019

    have been struck at root for the past day, I found the interesting script & read GTFObins yet I fail at whatever I try with these. Can someone please nudge me in the right direction

    Edit: Nevermind, I was able to finally root it. This machine taught me alot about linux in general, was great fun.

  • I am in the hidden directory, got the private and public key for user d**** I know how to to use the private one but I cannot "cat" it even if I move it to another directory. I tried to move it to my local machine but nothing. Any tip of how to read its content. I guess the cracked password from the first steps ( using john) is used later as passphrase. Thanks!

  • no passphrase actually.. But the dir/file is accessable from other than the cli.. as you know where it is, you should know where to access it?

    0byte

  • I have obtained the keys needed for user but am prompted for a passphrase when I try to use them (not the passphrase we crack in the beginning -- i already used that to obtain said keys). I have read a lot of documentation on the matter but am still confused and am unsure what exactly I'm doing wrong, and googling hasn't provided me with any answers, and I have tried using verbose mode but still am confused. Would appreciate any help on figuring out how to use the keys to connect to user.

  • Too long stuck on this machine :( Got low-priv shell, however I am not able to find the file everyone is talking about..

    Any help would be appreciated! Please DM for a hint!

  • I'm pretty STUCK with root. Ok: it's a GTFO's thing, it's about THE script but... I miss something.... Where do I have to crash my head?

    BadRain

  • My most memorable privilege escalation so far. :) Thank you, @jkr.

    bumika

  • need help, i do not understand how to GTFO using the .sh file.

  • Type your comment> @HJFR said:

    need help, i do not understand how to GTFO using the .sh file.

    You're going to have to think outside of the box on this one. Like, perhaps outside of your terminal box...

  • Type your comment> @Ruri said:

    Type your comment> @HJFR said:

    need help, i do not understand how to GTFO using the .sh file.

    You're going to have to think outside of the box on this one. Like, perhaps outside of your terminal box...

    Does that means that it is expected zero output?

  • I was able to get in to the user but now I'm stuck. I keep seeing everyone say that its right in front of my face but I don't get it. I mean I have something in mind such as modifying the **.sh and making it run my client that I set up with MSFVenom which didn't work of course, but im not sure if that's exactly what i need to be doing. Can anyone PM and give me a tip for root

    I'm looking and just starring at the **.sh file looking at all the commands and trying to modify different things and I'm just not getting it. I am not sure if I can write down all that I have tried here but yea that's pretty much where I am at right now.

  • PLS PM for the nudges

  • Type your comment> @tony201 said:

    I was able to get in to the user but now I'm stuck. I keep seeing everyone say that its right in front of my face but I don't get it. I mean I have something in mind such as modifying the **.sh and making it run my client that I set up with MSFVenom which didn't work of course, but im not sure if that's exactly what i need to be doing. Can anyone PM and give me a tip for root

    I'm looking and just starring at the **.sh file looking at all the commands and trying to modify different things and I'm just not getting it. I am not sure if I can write down all that I have tried here but yea that's pretty much where I am at right now.

    Don't try to modify the script, but look what it does. There's a hint that you can execute something. Think what happens when you execute that command and what you can do from there. PM me if you need hints.

  • Rooted, PM hints welcome. Fun box.


    Check out my blog
    Always happy to help! but please consider dropping some respect. ^^

  • Rooted.
    This was an interesting machine, got tricked one time and spent alot of time somewhere i shouldnt. The way to root was also interesting.

    Pm me if you need help.

    Running for OSCP

  • edited November 2019

    Hello friends good morning could you give me a hand I have the shell and the user also has the hash but for some reason john does not work well for me or it is I who did not master it well at all

    Sorry for my english i from spain.

Sign In to comment.