Official Academy Discussion

Official discussion thread for Academy. Please do not post any spoilers or big hints.

«13456711

Comments

  • Wishing all of you best of luck . This will be my very first , first blood attempt.

  • I'm having issues spawning the box. Anyone is facing the same?

    Hack The Box

  • Yup, first blood has already been done and I'm still waiting for the box to spawn as well. Very frustrating...

  • is that thing on that port relevant ?

  • anyone got creds for a**** page?

  • Found s** file. Will be looking closer on this.

    hopihallido

  • Was able to get admin and hit staging and see some interesting info but cant seem to remotely connect or get a foothold. Is this a rabbit hole? Where to go from here?

    zweeden

  • Type your comment> @zweeden said:

    Was able to get admin and hit staging and see some interesting info but cant seem to remotely connect or get a foothold. Is this a rabbit hole? Where to go from here?

    can u nudge me ?

  • I think the box is acting weird across all servers AU, US, EU ...etc
    All files are having 777 permissions

  • found some web pages and a high port, not getting much so far.

    n3wb1e

  • Is the admin login a rabbit hole ?

    n3wb1e

  • Got a reverse-shell!

  • @sT0wn said:
    Got a reverse-shell!

    Any tips?

  • edited November 7

    Just got a foothold. Ran some enumeration scripts but didn't see much and don't know where to go from here. Saw a bunch of users and saw a couple of files.
    Anyone know where to go from here? Or just discussion in general?
    Any nudges appreciated :)

    zweeden

  • @zweeden said:
    Just got a foothold. Ran some enumeration scripts but didn't see much and don't know where to go from here. Saw a bunch of users and saw a couple of files.
    Anyone know where to go from here? Or just discussion in general?
    Any nudges appreciated :)

    Any advice? I feel like I'm spinning my wheels once I got into the a**** page

  • After enumerating for a while, I found a file with s** creds, but probably not useful for now..
    What took my attention is the A** Ke* for L****el tried few things with it but it got me nowhere
    is that file a rabbithole?

  • Just got user and looking for some assistance/help on privesc/rooting - I've enumerated and done the usual things and noticed the new group but didnt read anything interesting. I must be missing something.

    Nudges would be greatly appreciated.
    DM me please or if you need hints to get to user :)

    zweeden

  • @ElleuchX1 said:
    After enumerating for a while, I found a file with s** creds, but probably not useful for now..
    What took my attention is the A** Ke* for L****el tried few things with it but it got me nowhere
    is that file a rabbithole?

    I'm stuck here as well :(

  • edited November 8
    Rooted!

    Took a while to find the fairly obvious path to root... 😊🙏

    Tnx @UrbanMystery and @LeBofDuRa
  • just rooted! feel free to dm or discuss! curious how others went about it!

    zweeden

  • Just finished, what a box! Here's a few tips that can help.

    Foothold: Check how you can escalate your privileges as a user on the academy, you'll be led to a nice hidden place. Follow what you find, and you'll find some interesting secrets. Use the secrets to your advantage to craft a gateway - what you want is closer than you think!

    User: The academy has more secrets, just need to find them. You'll find a few, but this particular secret is distinct from the others - don't doubt yourself, try it!

    Root: You're considered a particular type of user, rather privileged, you can see what others have done. You might need to audit a thing or two, you'll find a new secret. Afterwards you'll discover a new privilege - just feed it what it wants and you'll get root.

  • edited November 8

    uid=0(root) gid=0(root) groups=0(root)
    big thanks to @zweeden :)

  • Can... this be a feature on HtB?

    Not the vuln obviously but the "Academy" thing. Was not expecting to see something so put together on a box, fantastic work @egre55 and @mrb3n

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • great machine @egre55 and @mrb3n , maybe a "medium" rating would be more appropriate ;o)

    Awesome ASCII art !

  • I got the user flag, but how do I escalate to root I am confused......plz help..

  • any hints for as user to escalate admin priv

  • I got a directory on the web server named Mo*****_f**** does this one help or I am in a rabbit hole

    image

  • Type your comment> @St4yc4lm said:

    I got a directory on the web server named Mo*****_f**** does this one help or I am in a rabbit hole

    I guess it's a rabbit hole, since you should find a more interesting page once you are more privileged than the mass...

  • rooted nice box

    Arrexel
    OSCP | I'm not a rapper

Sign In to comment.