Travel

Comments

  • Rooted, what a box.
    Initial hint: don't fuzz crazy, be smart; when you find it, use a tool.
    DM for hints if you're still stuck.

    0zxyx

  • I've rooted it, thanks @0x41 and @ElVi7MaJoR :)

  • Finally after "travelling" on a massive rabbithole, finally arrived at the correct root. :)
    Thank you @fr0ster and @b3nn for the guidance.

    Tip: Priv esc is easy if you enumerate well. If you think you got root and root.txt is missing, step back and don't push further. I went on a massive rabbithole because I got a root but was actually a rabbithole root.

    Cheers to the creators.

  • Thanks a lot to all of you that helped me during this, for me, very difficult box!

    Shout out to the creators! It was really good!! :D

  • found the foothole...i think - this box just got real interesting real quick

    More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985

  • @CRYP70 said:
    > found the foothole...i think - this box just got real interesting real quick

    I just started and find it interesting, hopefully more to follow.

  • awesome box; i spent a fortune of time trying to X**. finally rooted!

  • @dakkmaddy said:
    > @CRYP70 said:
    >
    > (Quote)
    > I just started and find it interesting, hopefully more to follow.

    Yeah I know right, bout time we got a WordPress site on hard difficulty :D

    More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985

  • Working my way forward with this box. Still haven't completely figured out how d***g works. I mean I can trigger it with exactly one "switch" and will search now for more switches, not understanding the output yet.

    Not asking for nudges but one thing I'd need to know. Do I need to use an actual R** client or is that a rabbit hole / working in a different manner?

    I'm rarely online.

  • @sparkla said:
    > Working my way forward with this box. Still haven't completely figured out how d***g works. I mean I can trigger it with exactly one "switch" and will search now for more switches, not understanding the output yet.
    >
    > Not asking for nudges but one thing I'd need to know. Do I need to use an actual R** client or is that a rabbit hole / working in a different manner?

    it's not a rabbit hole.

  • hint:
    - Recon
    - Analyzing language roles
    - Deserialization
    - Bypass xxxx filter
    - little scripting
    - Basic enum
    - G0t r00t

    Fedriclesomar
    Try Harder! | Rarely Active on Forum

  • @eightdot said:
    > would really like a nudge on root, i found s**, some stuff in L*** and something that only returns **4.
    > but no idea what to do/look-at next
    >
    > update: found my way forward, then missed a bit hint a client program gave me

    I feel like I'm in the same place and unsure if L*** is the way forward to root. Any nudges would be appreciated, thanks.

    This box has been awesome, thanks @xct & @jkr

  • Hey, I can overwrite me*****he but I have no idea what to overwrite. Can someone tell me in PM what I must overwrite, please?

  • edited May 27
    Need some help on building exploit for m*******e and d***g. I can understand what happens behind the scenes, but I can't find a way to go further for next step.

    Edit 1
    Got user. Thanks @d3spis3d for the clean explanations on those exploit building things.
    On to root.

  • edited May 27

    ~

    Root owned. It's a brilliant machine. But was a pain in the a*s for the last 3 days.
    Initial foothold and initial shell is really hard as f**k. Root is easy.
    For the first time I wrote a py script and it worked like a charm. Feel Proud.
    Thanks @xct @jkr for the pain and stuffs to learn.

    PM for cryptic nudges.

  • @0xstain said:
    > Hey, I can overwrite me*****he but I have no idea what to overwrite. Can someone tell me in PM what I must overwrite, please?

    You don't have to overwrite anything. Just because something exists, doesn't mean a second can't exist as well.

    skunk

    Happy to offer nudges to anyone on boxes I've done, provided you show that you've reasonably tried to understand what the goal is! If I do help, please consider giving respect!

  • Finally - with (very patient) help from @0x41 and @d3spis3d

    I made things harder than they needed to be but also learned something new in the root privesc part.

    Happy to help others via dm

  • [email protected]:~# ip addr | grep 10.10.10.189 | awk '{print $2}' && whoami && id
    10.10.10.189/24
    root
    uid=0(root) gid=0(root) groups=0(root)

    Box made me wanna commit but we got there in the end. Thanks for the fun. Inbox is open, as always :)

    skunk

    Happy to offer nudges to anyone on boxes I've done, provided you show that you've reasonably tried to understand what the goal is! If I do help, please consider giving respect!

  • finally rooted after quite a long journey and lots of breaks! Hardest one I've done so far, learned many new things on this one. Awesome box

  • Found the B**g and stuck for a while now, any hints are appreciated

  • Finally got root on this after almost a week and some hints/nudges. Great box for sure!

  • @n0br3 DM me what you have so far and I'll try to help out a bit

  • Wow, that box wasn't easy at all. I learned a lot, it took so much time to finish this but I don't regret it. I had most of the concept but here you need to go deep enough and make no mistake.
    Initial foothold: enumerate until you find the page where to travel, try to send your "request" by "another route"
    User: When you are able to travel, you are still at the beginning of the road, look for hints and go back, there is not only one way
    Root: The user that has access to all the roads can make anyone travel to the root

  • Can someone PM me for a sanity check on the initial foothold? Thank you

  • Really hard box but the best one I did so far. Thank you very much for the box creators.
    The initial part is the hardest one.
    user: There is a very popular tool which will help you with the initial foothold and get back the connection - the travel route and the tool name are very similar.
    root: don't forget to check all files and then you will see your travel path

  • I found some interesting stuff for the path to root but I'm not sure how it can be leveraged? A possible rabbit hole? Has it even been leveraged in the wild?

    More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985

  • edited June 2

    finally owned. What a box. Learned a ton of stuff. Couldn't have done it without some tips.

    foothold: find all files you can and figure out an unusual way to communicate. After that you can force the service to open a door for you. Note: pay attention to the bytes!

    user: enumeration

    root: manipulate the guardian to let you in and give you what you need

    paying it back -- ping me for tips if needed

  • Massively challenging box - as everyone else here has said.

    Well done to @xct and @jkr for making something which really does push creativity.

    I probably spent two weeks trying to get user and the main thing I can suggest is look very carefully at everything you can get your hands on. The bedrock of the attack is a common problem in the language used, then after that it's about working out a way to exploit something else running.

    When it came to root, I think I was given a bit of an easy ride because someone else had left traces of what they did which gave me a massive pointer in the right direction, but general enum will also get you to see the way to get root. Then it is a matter of research.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Fucking amazing box!!!

    I really enjoyed this box and it took me a lot of time

    Initial shell was pretty amazing and really hard so my hints

    1) enumerate with classical tools. Read the website and get one more site. In that site enumerate again and dump everything that you can. When you get all, try to clone and replicate on your localhost. I didn't need m******d service.

    user: classic enumeration. Try to do it manually cuz some tools will give you too much info. However, both ways should give you all you need

    root: This part was hard for me: I didn't have experience with that service on that OS. I had to read everything. When you get user, just try to do the same thing and verify what you got, read and do some research if you need, as I did

    Again, amazing box thx for this

  • edited June 7

    I'm stuck on a problem, can anyone help me? Plz PM :neutral: )
