Nibbles


Comments

  • edited May 2018

    I got user.txt. Trying to find creds to ssh as the user instead of the meterpreter shell. Is that necessary?

    Hack The Box

  • I got user.txt stuck with escape tty, and how to run monitor.sh

  • @wanz327789 said:
    I got user.txt stuck with escape tty, and how to run monitor.sh

    How would you run something as root on any other system?

    Largoat

  • edited May 2018

    new to this and this is the first box I've tried. Got user pretty easy but stuck on what I feel is the very last step in privesc...

    got the user in a full shell
    I'm running the .sh file but can't figure out how to 'step in' as it's executing to grab the root user. I tried passing it to bash "./XXXXXXX.sh bash" but I get "TERM environment variable not set.". Thought maybe write a new file to replace the existing one with an exploit but don't have write permissions in vi. Thought maybe I can pass the executing script to another shell but I have no idea how...

    really ran out of ideas now so any help is massively appreciated! loving it so far though!

  • I’m in the same boat now, I have user and a reasonable shell. I just get kicked off every 3-4 mins by people restarting and I’m not sure yet how to get root.
  • still stuck on finding shell.. any clues? maybe I've found it and just didn't realize. please help me out!

  • JOk3Rxvi, if you have the username and password then you should be able to use a known exploit to get a shell.

    I'm giving up for the evening on /root/root.txt - I just can't think anymore. :angry:

  • I got the username and password, and I know the exploit (I think) however when I get a shell I cannot type any commands. Any chance someone could help me understand what I am doing wrong? Won't lie, I'm a noob.

  • @UN1X00 said:
    JOk3Rxvi, if you have the username and password then you should be able to use a known exploit to get a shell.

    I'm giving up for the evening on /root/root.txt - I just can't think anymore. :angry:

    I don't know the username and password.. that's what I need help finding.. :/

  • edited May 2018

    Anyone can help with this:

    su: must be run from a terminal

  • @jc1396 said:

    @dvnv said:
    I found what I need to find to get root.txt... clearly should be able to use it to elevate. however, when trying to utilize what I found with the proper permissions, I'm seeing this:

    ": unable to resolve host Nibbles: Connection timed out
    : no tty present and no askpass program specified"

    any ideas here? nothing i've been able to do, reading up on ttys, has been able to get this to work.

    Same here....WTF?

    found any solution for this problem

  • @g1ant372 said:
    @MrChrisWeinert @dvnv @jc1396
    Any luck with the TTY issue when trying sudo?

    I feel this is the last thing to get root. But may be a common fix as I saw the same issue in Bashed, but didn't end up needing it.

    PM me if needed.

    I am having this same issue. need help

  • Could someone help me out in PM if you have a minute?
    I've edited the monitor.sh and tried catting the contents of root.txt to a temp file but got permission denied on cat.

    Also tried nc to pass a root shell but that didn't seem to do anything

  • @J3rryBl4nks said:
    I got user.txt. Trying to find creds to ssh as the user instead of the meterpreter shell. Is that necessary?

    No.

  • stuck on getting root, can anyone help with what I need to edit the file with please?

  • @Lukee505 said:
    Could someone help me out in PM if you have a minute?
    I've edited the monitor.sh and tried catting the contents of root.txt to a temp file but got permission denied on cat.

    Also tried nc to pass a root shell but that didn't seem to do anything

    Enumerate the machine more - LinEnum.sh tells you what you need to know

    kurexit

  • Do people keep changing the user creds? I was able to login about 30 minutes ago. Then whilst I was working on something the box got reset. I go to log on to try and get a shell and the creds don't work anymore.

  • @bugzy said:

    @g1ant372 said:
    @MrChrisWeinert @dvnv @jc1396
    Any luck with the TTY issue when trying sudo?

    I feel this is the last thing to get root. But may be a common fix as I saw the same issue in Bashed, but didn't end up needing it.

    PM me if needed.

    I am having this same issue. need help

    easily got the user.txt. Just ran the LinEnum and found the monitor.sh, I got stuck here and have no idea how to get the root

  • > @Evilbae1412 said:
    > @bugzy said:
    >
    > @g1ant372 said:
    > @MrChrisWeinert @dvnv @jc1396
    > Any luck with the TTY issue when trying sudo?
    >
    > I feel this is the last thing to get root. But may be a common fix as I saw the same issue in Bashed, but didn't end up needing it.
    >
    > PM me if needed.
    >
    > I am having this same issue. need help
    >
    > easily got the user.txt. Just ran the LinEnum and found the monitor.sh, I got stuck here and have no idea how to get the root

    Have you tried interacting with monitor.sh?
  • I spent more time on getting the user creds than I spent going from that point to getting root. The obvious bit passed me by.

    Once I had a shell it took some will power to not use the things that were appearing in the file system as I was working out the privesc.

  • @impetuousdanny said:
    > @Evilbae1412 said:
    > @bugzy said:
    >
    > @g1ant372 said:
    > @MrChrisWeinert @dvnv @jc1396
    > Any luck with the TTY issue when trying sudo?
    >
    > I feel this is the last thing to get root. But may be a common fix as I saw the same issue in Bashed, but didn't end up needing it.
    >
    > PM me if needed.
    >
    > I am having this same issue. need help
    >
    > easily got the user.txt. Just ran the LinEnum and found the monitor.sh, I got stuck here and have no idea how to get the root

    Have you tried interacting with monitor.sh?

    yeah but same tty error popping up even after setting up interactive terminal

  • I cannot figure out this password. Have tried many variations of usual things.

  • Please do not change the account password! Thanks.

  • @JOk3Rxvi said:

    @UN1X00 said:
    JOk3Rxvi, if you have the username and password then you should be able to use a known exploit to get a shell.

    I'm giving up for the evening on /root/root.txt - I just can't think anymore. :angry:

    I don't know the username and password.. that's what I need help finding.. :/

    It's very easy to guess / know the credential for the web app. Don't think too much ;)

  • So getting the username and password was easy and finding the admin panel was pretty simple too. Now the only issue is the exploit. I found the exploit but I keep getting the "manual cleanup of 'image.php' on the target" error. I reset the machine, but I'm still getting the same error. I tried a different payload and a connection was established, but I was unable to run any commands. Anybody running into this same issue?

  • @darthgucci said:
    So getting the username and password was easy and finding the admin panel was pretty simple too. Now the only issue is the exploit. I found the exploit but I keep getting the "manual cleanup of 'image.php' on the target" error. I reset the machine, but I'm still getting the same error. I tried a different payload and a connection was established, but I was unable to run any commands. Anybody running into this same issue?

    I was able to get shell to work after a few tries. Host is a bit buggy. The same shell which had failed 3-4 times before worked. Got the user hash. Working on r00t

  • So I'm trying to use LinEnum.sh, can someone PM and help me?

  • So I tried to get LinEnum on the host via wget, curl, and scp from my host but none of them work. Can someone point me in the right direction as to how to get the shell script on the host?

  • @darthgucci said:
    So I tried to get LinEnum on the host via wget, curl, and scp from my host but none of them work. Can someone point me in the right direction as to how to get the shell script on the host?

    I figured it out, the upload command in meterpreter kept spitting out errors, but I figured it out after a couple of tries.

  • I've got the user flag and I can't for the life of me figure out how to get root. I've run linenum.sh and I know about what's weird but I don't know how to use that information because of the 'tty not detected' error when I try to sudo. Can I PM someone for some advice?
