Official Spectra Discussion

Official discussion thread for Spectra. Please do not post any spoilers or big hints.

«13456

Comments

  • stuck at n**** user. anyone can help with how continue from here?

    Hack The Box

  • Same here, found a d********.txt but I think its a rabbit hole

    OSCP | Stay root! | Twitter: S1lky_1337

  • chuchu
    edited February 27

    Spoiler Removed

    Hack The Box

  • edited March 1

    Type your comment> @chu said:

    Hm, linpeas gave you what's needed? I found it manually, but linpeas did not show it. Spend like 2 hours on that. Privesc was straight forward and easy.

  • Spoiler Removed

  • Spoiler Removed

  • Quite cool machine, Thanks!

  • Rooted. Nice box. Thanks!

    secur30nly

  • Rooted.
    Great easy box .
    For the hints everything is said above but pm me if you need more help.

    SpawnZii

  • Rooted !
    Nice box, relatively straightforward.

    PM if needed :)

  • Fantastic easy box. Reminder that just because something isn't in gtfobins doesn't mean you can't run commands with it

    If you're looking for help, don't be afraid to send me a message but make sure you include info on what you've tried and what you're thinking

    cmoon
    OSCP

  • uid=0(root) gid=0(root) groups=0(root)

    Foothold: Just look, what you can't see
    User: Enum, Enum and Enum
    Root:Just edit something ;)

    If you need any help feel free to PM me.

  • Spoiler Removed

  • edited February 28

    Spoiler Removed

  • Can anyone explain why running "./linpeas.sh" gives me a permission error, but running "bash linpeas.sh" works fine? All permissions are set correctly, I've never seen this before.

  • Rooted in less than 30 minutes. This is way too easy, after getting foothold instantly privesc to root. May I know if it is intended?

  • is anyone else having issues with connection on this box? SSH freezes up within seconds of logging in. Doesn't seem to be an issue on other boxes.

  • edited March 1

    ROOTED

    earlier, i wonder why i can't login as an A****nis***tor. and also i can't submit flag, so i need to start over again. if you encounter this problem just reset the machine.

    Hints:

    foothold:
    make sure you read the source code.

    user:
    dont forget to enum. or you will miss summer.

    root:
    check root perm ;)

    if you think i spoiled something. feel free to report this as a spoiler.

  • This was a weird one for me. HOURS to find the right user thing (my fault I guess), and less than 60 seconds to get root :|

  • Finally got root. Very easy except for the reset connections was a little aggressive.

  • Type your comment> @benjamin2000 said:

    Can anyone explain why running "./linpeas.sh" gives me a permission error, but running "bash linpeas.sh" works fine? All permissions are set correctly, I've never seen this before.

    It's kind of funny. The filesystem is set as non-exec. So, the script itself is not executable. However, bash is executable and in a filesystem without the non-exec flag. So, even though if you call the script directly it'd usually use bash as interpreter, you cannot do it. You need to call bash and have it opening the script.

  • edited March 1

    @Kaiziron said:

    Rooted in less than 30 minutes. This is way too easy, after getting foothold instantly privesc to root. May I know if it is intended?

    The box is easy, but after getting foothold you should at least have found some loot via common enumeration (easy again, but took me much more then 60 seconds to find out) and edited something else to get RCE after getting the user (this is actually very straightforward). If you have instant privesc as soon as you get the foothold you may have been piggybacking on someone else or found an unintended way. If not, kudos for your enum-fu!

    PM me if you want to confront your solution.

  • Type your comment> @damnc said:

    Type your comment> @benjamin2000 said:

    Can anyone explain why running "./linpeas.sh" gives me a permission error, but running "bash linpeas.sh" works fine? All permissions are set correctly, I've never seen this before.

    It's kind of funny. The filesystem is set as non-exec. So, the script itself is not executable. However, bash is executable and in a filesystem without the non-exec flag. So, even though if you call the script directly it'd usually use bash as interpreter, you cannot do it. You need to call bash and have it opening the script.

    Ah ok, makes sense. Thanks!

  • i spent hours trying to get a revshell and still cant get a connection back!
    tried php,msfconsole,bash and even made my own pl**n but cant get a shell !!!!

  • Type your comment> @AbuQasem said:

    i spent hours trying to get a revshell and still cant get a connection back!
    tried php,msfconsole,bash and even made my own pl**n but cant get a shell !!!!

    Try with msfconsole again !

  • I was able to go from www straight to root because of some permission things. Is that the right way? I'm thinking that maybe I just got lucky because it seems so wild and easy.

  • edited March 1

    am I blind or what? my enumeration skills are not enough, can't get user after foothold
    would love some help from someone
    edit: im blind lol

  • Rooted! :smile:

    foothold : just basic known cms rev-shell
    user : make sure you didnt miss any file from the automation tools output [we definitely getting close to the summer]
    root : from step to step you will understand which file you need to edit

    Hack The Box

Sign In to comment.