Magic

11516171820

Comments

  • Rooted!

    Root should have been quick for me, but the hints here were blowing right over my head. Thank you @TRX for this box!

  • Fun box. I've always heard about the priv esc method used for root but never actually seen it play out, haha. Great box!

    aut0exec

  • Okay, after like 5 hours stuck at root, I'm conceding. I need a nudge. I've spied a couple of interesting things as user, but can't make the connection, I guess. Help!

    image

  • Finally managed to get the root flag, but couldn't seem to get a full root shell. If anyone managed to get one, please DM me. I would love to learn how to do so.

  • @chaoskreator said:

    Okay, after like 5 hours stuck at root, I'm conceding. I need a nudge. I've spied a couple of interesting things as user, but can't make the connection, I guess. Help!

    If you enumerate well you can find something running. Look at what it calls and change the road it uses.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @ricepancakes said:

    Finally managed to get the root flag, but couldn't seem to get a full root shell. If anyone managed to get one, please DM me. I would love to learn how to do so.

    It massively depends on how you got the root flag. As far as I can see anyway you can get the flag could be modified to call a shell instead.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Finally got it. Root was a pain. Thanks to @TazWake for the nudge.

    image

  • edited July 9

    OOf finally rooted. Root was a bit tricky.

    What is the best way to find issues like this?. It did show up in my priv esc script but it looked like a normal thing that is supposed to be in the system and skipped right over it. Anyone willing to discuss the root method?

    Also i was having some issues seeing the output of root shell and redirecting stdout to stderr worked (1>&2). Not really sure if there is a better way.

    PM if anyone need any hints.

  • I need help, I can't escalate my priv. I already have the terminal... please help.. thanks i want to learn more... please.

    Hack The Box

  • An absolutely wonderful box! Got a ton of fun solving it! Thx a lot @TRX

    0x79656574

  • I need to know if I am missing something on Foothold or it there is something wrong with my box.

    I have the valid creds to login... The issue is everytime I use them it just refreshes the current login page. It never actually let's me login?

  • Type your comment> @DataLeak said:

    I need to know if I am missing something on Foothold or it there is something wrong with my box.

    I have the valid creds to login... The issue is everytime I use them it just refreshes the current login page. It never actually let's me login?

    Which part are you in? I already rooted the box. :)

    Hack The Box

  • I rooted the box! Thanks all!

    Hack The Box

  • Finally rooted, my first medium box :)
    I needed some hints but very funny box. If someone is stuck read the complete thread there are many hints, if you combine them you get it for sure.

  • Finally rooted!!,
    Thanks to @TazWake and @UGlz for their help.
    "The devil is in the details"

  • i have both flags for this box, but neither of them are being accepted -- is something up?

  • Type your comment> @hazel said:

    i have both flags for this box, but neither of them are being accepted -- is something up?

    try to reset the machine.. it happens to me before..

    Hack The Box

  • I have a shell for www-data and found creds for a db user, but i cannot for the life of me figure out how to use them :/ any help here?

  • Rooted the Machine.
    It is a pretty straight forward machine but somethings are misleading. Be sure to look carefully inside the details.

    Initial Foothold: You can get past the gate without a key. Images can store other things too
    User:enum and what you find will lead to what you need
    Root:Make sure it uses something that you created

    PM if you need help

  • Rooted.

    A simple, enjoyable box. Definitely overthought the escalation to root, it's much simpler than originally thought.

    Happy to help if anyone is stuck.

    Hack The Box

  • Pretty cool box... Rooted successfully...
    Can knock my inbox for nudges!
  • Rooted, fun box
    Feel free to PM if stuck

  • Rooted !! NEED HELP ? Msg me

  • Hi All
    Fun Box
    but spent some time for the Root access -_-

    I found the process (the way to be root) but it doesn't work
    is it cause of the docker process ? I retry and retry... that never work

    Help please ;)

  • @D4rm1 said:

    Hi All
    Fun Box
    but spent some time for the Root access -_-

    I found the process (the way to be root) but it doesn't work
    is it cause of the docker process ? I retry and retry... that never work

    Help please ;)

    The way to root the box should work, I dont think it would be affected by anything else.

    Have a look at what calls what, add something of your own and give it a new road to use.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @D4rm1 said:

    Hi All
    Fun Box
    but spent some time for the Root access -_-

    I found the process (the way to be root) but it doesn't work
    is it cause of the docker process ? I retry and retry... that never work

    Help please ;)

    The way to root the box should work, I dont think it would be affected by anything else.

    Have a look at what calls what, add something of your own and give it a new road to use.

    Thanks
    But that's what i did. I search from Google to do it correctly.
    I run the binary file...
    no it has no effect

  • @D4rm1 said:

    Thanks
    But that's what i did. I search from Google to do it correctly.
    I run the binary file...
    no it has no effect

    Without wishing to sound rude, but if it has no effect, you didn't do it correctly.

    If you did it correctly either it breaks something or your exploit works.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • is there a way to make an ssh? it always keeps telling me permission denied (publickey)

    i allready put pub key in .ssh.. and still nothing.

  • @protei300 said:

    is there a way to make an ssh? it always keeps telling me permission denied (publickey)

    i allready put pub key in .ssh.. and still nothing.

    Depending how specific the syntax is, you might want to double-check how key-based authentication in SSH works.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Finally rooted... With ssh was my stupid, forgot to add to authorized_keys...

    Root was very interesting... seems i found it by luck.... or nearly by luck

Sign In to comment.