• edited May 2020

    there is so much hint in this forum for user

    hint for root :


    PM me if u need nudge :smiley:

    and big thanks for @ASHacker nice box btw!!

  • Rooted!!

    Initial foothold is tricky, root is really very easy.
    I struggled a lot because i did not clearly read output of commands.

    Thanks to @Dark0 for initial foothold. Thanks to @Str4thus and @gonzaloFSF for hints towards root.

    My hints:
    Initial foothold:
    1. What has author created apart from cache ? It can be accessed.
    2. There are bunch of vulnerabilities. You need to use multiple vulnerabilities to get initial foothold. Identify which works. There is a video which explains how to do it.

    User 1:
    1. You found something in foothold, its not useless. Flip the SWITCH !!

    User 2:
    1. Check what services are running on machine. Found something related to machine name ?
    2. Good article to help you exploit it

    1. What permissions User 2 has
    2. GTFO

    PM me if you need a hint

    I would like to know the method of initial foothold without hampering the machine. Could anyone enlighten me ?

  • Finally rooted! Initial foothold was rather circuitous and there were many blind alleys to go through - it took me days to get the initial shell while root took only about 1-2 hours.

    Foothold: Once you've found the H** that everyone is referring to, the fun begins here. At first, I had to sieve through the many vulnerabilities and decide which to use. In the end, I only relied on what was already available in a certain framework in my attacking box. I suspect there are multiple routes to get to the first web shell. I went the not-so-disruptive way but would be interested to hear of alternative methods that chains vulns together in different ways.

    User 1: You might have found something previously which would help.

    User 2: It's a service related to the name of the box.

    Root: Blue whale and something special about user 2. There could be slight variations in the root approach. I stumbled for a while before I realised I had to check on images before I could proceed.

  • Rooted! Feel free to ask me for tips

  • finally rooted!!!
    Thanks @unknwon and @unmesh836 for the nudges.

  • edited May 2020

    Rooted! Thanks for all the tips and hints here. Feel free to ping me for any nudges! :D

  • what am i supposed to do with m*******d?

  • hey everyone, I'm stuck on cache - I got the service and got the admin but I'm stuck - I know how to exploit the machine afterwards but I need the missing piece to do that, any tips would be appreciated , thanks.

  • Rooted box!

    I want left one comment, what for me was pain and there is no nudge on the forum, pay attention how resolve juice string. This part was Foothold, the part more tricky.

  • Rooted.

    Happy to provide hints, just let me know where you are and what you've tried.


  • finally rooted!! pm me if you need any nudges

  • Finally rooted
    great thanks to @Dw0rdPwn3r
    also many many thanks to you guys @ellj @CyberG33k

  • edited May 2020

    This has to be one of the most frustrating machines in the site. From the random hangs of the service to the weird errors on things that were working before...

    Edit: Rooted it.

    The initial foothold was harder than necessary in comparison with the root. But enjoyed it anyway.

    Hack The Box

  • what are good resources to learn docker hacking. google obviously. But in case someone has precise and good blogs/ channels etc. Thanks

  • Owned this machine finally. User part took some time and root privesc is very easy. One can do it in 1 mins under.
    PM me for hints only. Let me know where you are now and what you did so far.
    Happy to help.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • Type your comment> @MrSHolmes said:

    what are good resources to learn docker hacking. google obviously. But in case someone has precise and good blogs/ channels etc. Thanks

    Dont take this personal, but srsly GTFO ! :D


  • What a ride, always feel a bit confused with some part of user : bit of guessing or classic hacker knowledge .?? I really sucks at this part.
    The root part is easy
    Thanks @Dw0rdPwn3r and @unknwon for their help
    Feel free to PM for nudge.

    Hack The Box

  • nice box

  • Done. PM if help needed

  • Is anyone struggling with O*****R Exploit

  • @alesawe said:

    Is anyone struggling with O*****R Exploit

    Read through some of the public documentation and try out the POC code provided. Then it should be fairly simple.



    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @enigmaNL said:

    Type your comment> @MrSHolmes said:

    what are good resources to learn docker hacking. google obviously. But in case someone has precise and good blogs/ channels etc. Thanks

    Dont take this personal, but srsly GTFO ! :D

    haha..that was a good clue. I am reading it.

  • Nice box, the root part is easy, really interesting the user part.
    Thanks @ASHacker .

  • Pretty interesting way from foothold to l***y, root is easy, but learned about that service, thanks!

  • Pretty straightforward box, I really liked this one.

  • rooted!!
    foothold was really nice....had abit of struggle with it and needed to use a tool I never used much:) Thanks for the box!

    feel free to PM if u are stuck :)

  • heyy can anyone give me a nudge on the footohold

    Hack The Box

  • A suggestion if I may: if you see something that tells you it's going to overwrite some globals, then please avoid it - it just makes others want to reset the machine. There are nicer and much cleaner ways to get the foothold, just google for more vulnerabilities of the same system.

  • Rooted, DM for hints

  • edited May 2020

    im stuck at foothold =/ any nudges?

    edit: rooted (:

Sign In to comment.