Traverxec

1101113151645

Comments

  • edited November 2019

    pm me

  • Type your comment> @extincted said:

    Rooted.
    This was an interesting machine, got tricked one time and spent alot of time somewhere i shouldnt. The way to root was also interesting.

    Pm me if you need help.

    help me bro xd

  • Hi! i would need help. I dont know how to use GTFOBins with this special command to get root priv

  • Please send me a PM to give me a hint

  • Type your comment> @bumika said:
    > My most memorable privilege escalation so far. :) Thank you, @jkr.

    Ok, it depends on which “size” you would like to use. :)

    bumika

  • Woa fuck I spend last night so much time on this box...

    Foot: simple curl request
    User: well yea, that took me some time. Find all the stuff you need, read the files next to it and the man page of the service..its written dozen times here... I read the stuff dozen times but finally, in the night I got it lol xD (hint; not everything that is accessible is also visible)
    root: well yea..took me again ages, I tried so many things... at the end my only tipp is.. size matters

    Thanks to @0x1MF40 who guided me a bit out of the last brainfuck xD

  • Type your comment> @0xbadbac0n said:

    Woa fuck I spend last night so much time on this box...

    Foot: simple curl request
    User: well yea, that took me some time. Find all the stuff you need, read the files next to it and the man page of the service..its written dozen times here... I read the stuff dozen times but finally, in the night I got it lol xD (hint; not everything that is accessible is also visible)
    root: well yea..took me again ages, I tried so many things... at the end my only tipp is.. size matters

    Thanks to @0x1MF40 who guided me a bit out of the last brainfuck xD

    I have the user and the supposed hash with the password but when deciphering it tells me that it is not md5 if you could help me thank you very much

  • Can pls someone help me with priv esc and GTFO? I only get non esc shell.

  • Rooted !!!
    Really a fun box, with fine tricks. Really a learning house for beginners. The hints provided in the forum are enough to get yourself root.

    But if you still need any help or want to understand why a particular thing worked, don't refrain from DM :wink:

  • Can someone help me with user? I'm really stuck there, I found a hash, but can't crack it with hashcat, found something id_rsa related, read the c**f file, read the manual of the service. But even now, I can't figure out, what to do with it...

  • Type your comment> @lblg said:

    Type your comment> @tony201 said:

    I was able to get in to the user but now I'm stuck. I keep seeing everyone say that its right in front of my face but I don't get it. I mean I have something in mind such as modifying the **.sh and making it run my client that I set up with MSFVenom which didn't work of course, but im not sure if that's exactly what i need to be doing. Can anyone PM and give me a tip for root

    I'm looking and just starring at the **.sh file looking at all the commands and trying to modify different things and I'm just not getting it. I am not sure if I can write down all that I have tried here but yea that's pretty much where I am at right now.

    Don't try to modify the script, but look what it does. There's a hint that you can execute something. Think what happens when you execute that command and what you can do from there. PM me if you need hints.

    Wooow I was doing the right thing the whole time, but I just didnt know you could type while in that area. Thank you
    Got Root!! first box.

  • hi guys , i'm trying to open the site of this box , but i keep getting 403 - Forbidden
    any help or anyone get the same ? ?

  • edited November 2019

    Solid machine. User may have been a bit much for some new guys, but overall, I thought everything was decently well thought out. Nothing was too difficult.

    Foothold: CVE
    User: Enumerate. The creds aren't useless... Config files can also be useful. There are multiple ways to get user.
    Root: Look through a smaller window, and you'll see less.

    Edit: If you message me for help, I will not respond unless you provide additional details regarding where/why you are stuck and what you have tried – thanks.


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • after several attempts finally got suddenly root. Fascinating.

  • Rooted, more or less !
    It is a hint :)

  • Rooted!
    Feel free to PM for hints <3

  • edited November 2019

    Nice box, especially the user part which is a good opportunity to learn properly unix fs permissions. Hint for user from me: some things are not visible, but the crucial ones actually are. I spent too much time to look for files in their default places. Do not repeat my mistakes.
    Nice machine. Enjoyed!

    m4rc1n

  • I'm definitely going to have to come back through and read through all of these pages. I was able to get a shell and traverse some of the directories. But was unable to get user or root flags, little long get the hashed passwords from anywhere. Linux/Unix is not my strongest of knowledge but I'm still learning. This machine is fun and infuriating all at the sametime for me. However I feel once I get it I will learn a lot more about it

    Available to help when I can and know how to help. However do not expect responses right away on these days. Sunday - Wednesday between 7am-8pm EST (USA, Orlando, Fl) as I work those days from 7a-7p and then the ride home. Just a forewarning is all :) Other than that I'll answer ASAP, or when I get home from work.

    CompTIA A+ | Network+ | Security+ | PenTest+ (In Progress) | C|EH (in Progress)
  • edited November 2019

    Rooted!

    Root took me an infuriatingly long time, I have never seen anything like that before... The more you know!

  • User was pretty easy but I got stuck on root.
    I had the right idea from the start but I couldn't figure out how to use it properly.

    Literally hitting myself now I worked it out, but I guess I've never done anything like that before.

  • edited November 2019

    получил root
    спасибо за подсказки @extincted @m4rc1n

    Изучите вывод nmap и вы увидете то что нужно проверить

    для начальной опоры есть скрипт в msf5 используйте его и получите w******a

    user: ищите конфиг файл и внем будет ссылка на зашифрованый хеш. открываете расшифровывайте и подключаетесь по ssh

    root: изучаете файл .sh и читайте https://gtfobins.github.io/ после этого сможете получить root

    спасибо за коробку
    если нужна помощь пишите в PM

    я все делал в Parrot Linux

  • edited November 2019
    Need a nudge for user please.

    Have d**** credentials, read the c*** file and man for the service, gone to hidden directory and discovered some files, but get permission denied errors on anything I try... What am I missing?

    Please could someone pm me. Thanks.
  • Hello guys, could someone help me with the escalation of privileges since it is my weak point I have the user and I just need to root a greeting

  • I'm stuck on the user. I have a shell and found the creds and interesting file but don't know what to exactly look for. Need help please.

  • edited November 2019

    Stuck at user and I think I'm getting a little bit crazy, because I keep trying the same thing, which should work (in my very disturbed mind), but it doesn't.
    Found the file to read, cracked the password, tried to access the directory through http...but nothing happens, just the "private space" page.
    I don't know if I'm using a wrong user, a wrong password or accessing a wrong page...any hints?

    EDIT: Nevermind, I WAS getting crazy. A good night of sleep cleared my mind

  • Rooted.
    Feel free to DM for hints ;)

  • [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)

  • Took some time, but it twas a fun box. Thanks @jkr. PM me if you need some hints

  • I found a hash from the c*** folder, and used hashcat to unlock it, but I couldn't log in to D****'s user. Someone prompted me to read the configuration file carefully, but I got nothing. I need a slight hint to indicate my direction. Thank you.

  • Thank you very much to the creator of this machine for taking your time to bring it here thank you very much also to my friend extincted for his advice and patience xd

    pd: I'm root yeahh !!

Sign In to comment.