Traceback

17810121330

Comments

  • Got root. Box needed to be reset as someone messed with the files again....

    Cheers to @nyckelharpa for the pointers

  • got sy******in user, ran p**y , aware of 00-h*****, and have no idea how yo advance from here.

    need help pls :(

  • Rooted, fun box !

    triki

  • Anyone can give me a hint on root privilege escalation?

  • I'm open and online atm if you need pointers.
    PM me with where you are up to and we can chat!

  • Type your comment> @sakas4 said:

    Type your comment> @Big7asty said:

    @DrayAgha @sakas4
    On the right path, sudo --help is all you need to get there.
    Thank you @Ursa

    I rly tried everything.

    It doesnt work.

    try sudo -l

  • Having how to own user change after coming back after a couple days break was SUPER annoying; I thought some asshole kept removing the necessary file after resets. So if you were working on this a few days back and are thinking people are deleting things, they might be, but they also may have moved things around on you.

    Otherwise it was a fun box and I learned a good bit. Thanks!

  • Type your comment> @53c0nd2473 said:
    > Having how to own user change after coming back after a couple days break was SUPER annoying; I thought some asshole kept removing the necessary file after resets. So if you were working on this a few days back and are thinking people are deleting things, they might be, but they also may have moved things around on you.
    >
    > Otherwise it was a fun box and I learned a good bit. Thanks!

    Well this doesn‘t really matter. U actually always can see where this certain file is located, otherwise you wouldnt be able to run it as you do.
  • @h3105 said:

    @53c0nd2473 said:
    Having how to own user change after coming back after a couple days break was SUPER annoying; I thought some asshole kept removing the necessary file after resets. So if you were working on this a few days back and are thinking people are deleting things, they might be, but they also may have moved things around on you.

    Otherwise it was a fun box and I learned a good bit. Thanks!

    Well this doesn‘t really matter. U actually always can see where this certain file is located, otherwise you wouldnt be able to run it as you do.

    Well, the problem is that, due to the constant resets, people tend to script their way through the initial foothold. And those scripts will now always fail ;)


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

    Currently busy with AWAE

  • Rooted.
    Great and fun box for beginners. Learn about two new things; a new programming language and how welcome messages are configured and being displayed when user logs into ssh service.

    Just feel free to PM me if you get stuck and want some hints !!!
    Happy to help :)
    Hack The Box

  • edited March 2020

    I hate this, people are resetting and removing stuff all the time, it is very anoyying, i literally can't take 2 minutes to setup for something and I see that somebody removed the file that i uploaded. I can literally see the command from bash, holy s**t.

  • Rooted it yesterday. It was a fun and refreshing box :smile:.
    If anyone need help on user or root, I'll be happy to provide some tips!

  • edited March 2020

    rooted!! ok thanks again for eviltor13 for the clues!!!
    okay now here here's what i can say about the box and maybe some clue?
    foothold: remember everything you see is the truth!
    User:the things you see is also the truth! Try to look for it!
    Root: again the answers is in front of you! Remember don't overwrite it!
    ....ehem
    And thanks again for eviltor13

  • Type your comment> @chiakheewei said:

    Anyone can give me a hint on root privilege escalation?

    The answere is in front of you! Just look for it!

  • rooted! fun box specially to get root flag.
    feel free to PM if you are stuck! :)

  • edited March 2020

    Type your comment> @MariaB said:

    Seriously guys stop resetting and messing with box,overwriting things ,deleting things.
    You are spoiling the nice box.
    After i manged to get user after 1000 redos now i cannot get to root because of all the madness!!!

    I came here to say exactly this!

    Nevertheless, this was a fun box, and i learned a lot, especialy a new programming language :smiley:

    Thanks @Xh4H For making this box!

    e-nigmaNL

  • Box was slightly too easy in my opinion. Repeated exploitation path from a previous machine was a bit insulting as well.

    Not a bad box for beginners, but if you're seasoned, it will probably feel like more of a chore than anything else.

    No tips from me on this one. Everything in the comments is already enough.


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • As soon as I spawn my shell, the intended tool to be used is asking for password. did anyone else have to deal with something similar?

  • i'm stuck since i'm in webadmin, how do i go into sysadmin ??

  • Type your comment> @LSnake said:

    i'm stuck since i'm in webadmin, how do i go into sysadmin ??

    check what you can execute as s*** . you might find something intresting

  • i think i should do something with luvit? how can I use it?> @Princevil said:

    Type your comment> @LSnake said:

    i'm stuck since i'm in webadmin, how do i go into sysadmin ??

    check what you can execute as s*** . you might find something intresting

    i think i should do something with luvit? how can I use it?

  • Type your comment> @LSnake said:

    i think i should do something with luvit? how can I use it?> @Princevil said:

    Type your comment> @LSnake said:

    i'm stuck since i'm in webadmin, how do i go into sysadmin ??

    check what you can execute as s*** . you might find something intresting

    i think i should do something with luvit? how can I use it?

    seems you are on right track . check user folder there are some more intresting stuff to understand .

  • edited March 2020

    "Unexpected symbol..." error. What am i missing here?
    Update: GOT IT!

  • I guess my osint skills are trash because I just don't get what I am supposed to do. I found some stuff based on what i found in the HTML source and I have tried all the shells I have found based on my google search but i just get 404. Can someone help me out?

  • edited March 2020

    Type your comment> @MaximumBob said:

    I guess my osint skills are trash because I just don't get what I am supposed to do. I found some stuff based on what i found in the HTML source and I have tried all the shells I have found based on my google search but i just get 404. Can someone help me out?

    you need to search for author fav shells

    Hack The Box

  • I'm a beginner. Not able to ssh w**a**** without a password. Any tips?

  • Type your comment> @gravecode said:

    I'm a beginner. Not able to ssh w**a**** without a password. Any tips?

    If you are that user, is there something you can add that will let you in without a password? Though I would save it for later, you can do all (or almost all depending on your final vector) without SSH, just pivoting off the initial foothold session.

  • ROOTED 🎈🎉
    This machine was frustrating at times but ended up being pretty simple. Overall I liked it and had fun. Learned a new way to priv esc and learned about the Message of The Day.
    Nudges
    Foothold: OSINT
    User: Check what you have privs to run as someone else
    Root: Check to see what you have write access to

    PM me for Nudge

    GotRoot
    If I helped you out at all, feel free to click my badge and give +1 respect!

  • [email protected]:~# whoami
    root
    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    [email protected]:~#


    but........the root flag is not working :|
  • edited March 2020

    Type your comment> @D0p4m1n3 said:

    [email protected]:~# whoami
    root
    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    [email protected]:~#

    but........the root flag is not working :|

    Might have something to do with this https://www.hackthebox.eu/press/integrity-of-hack-the-box. Don't hold me to it though. I rooted earlier today and it accepted my root flag

Sign In to comment.