OpenAdmin

1565759616264

Comments

  • Type your comment> @TazWake said:

    @Youngie1337 said:

    I am in as J****a and can see that permissions allows a text editor. I cannot get the root flag - it just doesn't seem to exist... any ideas? Thank you.

    Edit: got it, for whatever reason it did not work. The machine stopped and when I started it again it worked... perhaps the root.txt was missing?!

    I am a bit confused here - did you use the text editor to read the flag or escalate privs? If the former, it shouldn't work on this box.

    Due to permissions it was possible to read the root flag, for whatever reason it just wouldn't open the root.txt - managed to get it working following the box starting back up.

  • I got flag without actually being root from the p**v file. Does that make sense? Submitted my flag which is valid, but I still don't get how is this root... would love some guidance

  • I really struggled with this box for some reason. The jump from the first pseudoshell to the first full user was painful and I was taring my hair out. It turns out, I had all the pieces of the puzzle in front of me, but I just wasn't putting them together, instead I was staring at them. (I created my own rabbit hole trying to do all sorts of things)

    can someone PM me with how they got the USER1 to USER2 to work? I found and cracked the hash and retrieved the key, but wasn't able to log in at all, falling at the last hurdle.

    Also, what was the cURL method? I gave up on that pretty quickly.

    I found a different ways around, but am curious to know other ways for future reference.
    thanks all <3

  • @omerxx said:

    I got flag without actually being root from the p**v file. Does that make sense? Submitted my flag which is valid, but I still don't get how is this root... would love some guidance

    Someone broke the box before you attacked it because they didn't understand how the box works.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @giantruby said:

    I really struggled with this box for some reason. The jump from the first pseudoshell to the first full user was painful and I was taring my hair out. It turns out, I had all the pieces of the puzzle in front of me, but I just wasn't putting them together, instead I was staring at them. (I created my own rabbit hole trying to do all sorts of things)

    This has happened to lots of people.

    can someone PM me with how they got the USER1 to USER2 to work? I found and cracked the hash and retrieved the key, but wasn't able to log in at all, falling at the last hurdle.

    Happy to discuss this but it's likely to be down to not using the key properly. Or, given how much people mess with this box, someone changed the key so you didn't get a valid one.

    Also, what was the cURL method? I gave up on that pretty quickly.

    How did you get the key?

    I found a different ways around, but am curious to know other ways for future reference.
    thanks all <3

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @omerxx said:

    I got flag without actually being root from the p**v file. Does that make sense? Submitted my flag which is valid, but I still don't get how is this root... would love some guidance

    Someone broke the box before you attacked it because they didn't understand how the box works.

    Thank you! Went back and did it the right way.

  • Rooted! I did it my second machine!
    Very recommendable for beginners like me.
    Thanks to the author and all the people who give hints.

    If someone needs help just ask me whatever you want :)
  • edited April 5

    @giantruby said:

    I really struggled with this box for some reason. The jump from the first pseudoshell to the first full user was painful and I was taring my hair out. It turns out, I had all the pieces of the puzzle in front of me, but I just wasn't putting them together, instead I was staring at them. (I created my own rabbit hole trying to do all sorts of things)

    can someone PM me with how they got the USER1 to USER2 to work? I found and cracked the hash and retrieved the key, but wasn't able to log in at all, falling at the last hurdle.

    Also, what was the cURL method? I gave up on that pretty quickly.

    I found a different ways around, but am curious to know other ways for future reference.
    thanks all <3

    Hey, good work! The cURL is probably just accessing it using HTTP via command line by specifying the path on the server. Keep in mind you have to be allowed to access it or maybe it is accessible using a different port nudge. It sounds like you are on the brink of getting the user flag. Keep in mind that the pass phrase you cracked is most likely not the SSH key; I would really look at what the hash is and how people usually authenticate using that. After doing so, then you can use that phrase that you cracked to get into the second user.

  • Hi, I have a pretty dumb problem. So, I got the exploit working so I now have RCE, but I am to dumb to spawn a reverse shell. One Liners doesn't work, so I tried to make a new file and edit one with v** or n***, but that didn't work. I also tried it with e***, but that doesn't do anything. So I tried to download the file with w*** and c***, but that doesn't give any response either. I'm running out of Ideas, could someone please help me? Thanks.
  • @Gaiaphage said:

    Hi, I have a pretty dumb problem. So, I got the exploit working so I now have RCE, but I am to dumb to spawn a reverse shell. One Liners doesn't work, so I tried to make a new file and edit one with v** or n***, but that didn't work. I also tried it with e***, but that doesn't do anything. So I tried to download the file with w*** and c***, but that doesn't give any response either. I'm running out of Ideas, could someone please help me? Thanks.

    You really don't need a reverse shell. You can do all the enumeration you need via the RCe then you get a proper foothold.

    Spending time and effort to get a reverse shell at this stage is largely unnecessary (however you will see that loads of people are uploading attempts but it just makes everything harder for everyone).

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @Gaiaphage said:

    Hi, I have a pretty dumb problem. So, I got the exploit working so I now have RCE, but I am to dumb to spawn a reverse shell. One Liners doesn't work, so I tried to make a new file and edit one with v** or n***, but that didn't work. I also tried it with e***, but that doesn't do anything. So I tried to download the file with w*** and c***, but that doesn't give any response either. I'm running out of Ideas, could someone please help me? Thanks.

    You really don't need a reverse shell. You can do all the enumeration you need via the RCe then you get a proper foothold.

    Spending time and effort to get a reverse shell at this stage is largely unnecessary (however you will see that loads of people are uploading attempts but it just makes everything harder for everyone).

    Thank you:) Will focus on further enumeration now

  • Type your comment> @berd said:

    Keep in mind that the pass phrase you cracked is most likely not the SSH key; I would really look at what the hash is and how people usually authenticate using that. After doing so, then you can use that phrase that you cracked to get into the second user.

    that was my issue. the original hash I cracked i never ended up using, because i did something "differently", so i didnt need it. trying to figure that one out now.

    Thanks to @TazWake for helping me sort out why what i thought USER2's password was, actually wasnt, and a whole different tool was needed with what the original cracked hash would have revealed

  • Total noob with a total noob question: found the exploitable thing, found the exploit, pointed it (I think) in the right direction - tried a few different variations - but I'm not even able to enumerate. No response to any commands. Any nudge on what I might be doing wrong?

  • @gx3636wp said:

    Total noob with a total noob question: found the exploitable thing, found the exploit, pointed it (I think) in the right direction - tried a few different variations - but I'm not even able to enumerate. No response to any commands. Any nudge on what I might be doing wrong?

    If you are using the correct exploit and pointing it an address which is definitely vulnerable, you shouldn't see much different from when you get it wrong.

    However, if you are getting no response to any command, chances are it isn't being used correctly.

    The single most common error is the address it points to. If this is not vulnerable, you just get a prompt over and over.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @gx3636wp said:

    Total noob with a total noob question: found the exploitable thing, found the exploit, pointed it (I think) in the right direction - tried a few different variations - but I'm not even able to enumerate. No response to any commands. Any nudge on what I might be doing wrong?

    Try, instead of "exploit.sh 10.10.10.171" something like "exploit.sh 10.10.10.172/o*a", this worked for me

  • Finally got it after a few days beating my head against it. Like everyone is saying it seems trivial after you understand what you need to do. Making my mind think that way was the hard part.

    Feel free to DM me for hints if you are stuck.

    v3r1t4s06

  • Really enjoyed this box! A little bit of a beginner box, since there aren't too many rabbit holes. User was definitely more challenging than root. Spent some time down a rabbit hole using php -S on a certain directory.

    This was a box I was able to complete without using the forum and any help, which feels good.

  • I'm currently having successful bash code injection, but having troubles getting a interactive reverse shell, any recommendation ?

  • @HighImpact said:

    I'm currently having successful bash code injection, but having troubles getting a interactive reverse shell, any recommendation ?

    Yeah, dont bother with a reverse shell. You don't need it.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • I have obtained the w**-***a user through the exploit but I am now stuck on the enumeration for the next user which I assume is j***y. Could someone DM a nudge please

  • @dewdrop0247 said:

    I have obtained the w**-***a user through the exploit but I am now stuck on the enumeration for the next user which I assume is j***y. Could someone DM a nudge please

    Look through the files and folders to find what you need. Or read through the previous hints here which have been more explicit.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Rooted! Loved this box! I learned some new things! Thank you @TazWake for this! Feel free to DM for any help!

  • @jibbiez said:

    Rooted! Loved this box! I learned some new things! Thank you @TazWake for this! Feel free to DM for any help!

    Glad to help

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Hello folks.

    I'm stuck with an RSA key. Post John, I am endlessly presented with 'load key "id_rsa": invalid format'

    1. Yes, it's the 'correct' key.
    2. I understand john's role - I'm past that.
    3. I understand how to SSH as User2.

    Specifically, it is only the 'load key:id_rsa invalid format' that I am having trouble with and obviously I can't progress without getting this bit right.

    Can anyone tell me exactly, precisely how to SSH into User2, from User1, with the 2 x SSH things ?

    On the verge of giving up - totally stumped.

  • Clue: The formatting for RSA private keys is very specific; any deviation and you'll have a 'computer says no' circle.

  • Rooted. Make sure you understand how ssh public key authentication works

  • @ElPablo said:

    Clue: The formatting for RSA private keys is very specific; any deviation and you'll have a 'computer says no' circle.

    Good work persisting on the problem though. Lots of people give up a bit too quickly rather than work through the information they have.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Managed to get www-data shell, but don't know how to privesc from here! Could anyone DM for help?

  • @Cane said:

    Managed to get www-data shell, but don't know how to privesc from here! Could anyone DM for help?

    https://forum.hackthebox.eu/discussion/comment/68490/#Comment_68490

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited April 10

    guys i have the RSA key and I cracked it but still cant login to the user2. idk why am i missing something?

    rooted

Sign In to comment.