Official Unobtainium Discussion

Official discussion thread for Unobtainium. Please do not post any spoilers or big hints.

«1

Comments

  • seems everything works fine

  • My first hard box and I'm already stuck at foothold lol

    Any nudges would be appreciated
  • got user. working towards root now. its fuckin hard. lol

  • Are we supposed to install a downloaded package?

  • Spoiler Removed

    xtk

  • xtkxtk
    edited April 13

    extraction is good enough

    xtk

  • first hard box, got user after 24h brainf*** :-D let's see how long I need for root
    I've learned a lot so far, very funny :)

    for hint, pm me

  • edited April 12

    do i need to escape d***ker to get root here???

    for me. this box is not hard. it is insane as fuck!

  • I gotta say, weird but interesting box, if anyone wanna help me with nudges pm me here or dm me on discord SuPerCoW#8100

  • Finally got root, very nice box !
    Pm me for hints

  • Got root. It truly was a learning experience. If you need any hints you can pm on Discord: Lich#8715

    Hack The Box

  • Hello can anyone help me. I found another IP address after getting foothold, in K***** P** on d** namespace. How to enumerate it. Please help me. Sorry for my bad english.

  • edited April 14

    Spoiler Removed

  • Rooted.

    user for me is easy. but getting on root is such a pain in the ass.

  • edited April 16

    Trying to bruteforce files other than t**o.txt -- I have found the u***** endpoint and creds but not sure what to do from here

    Hack The Box

  • edited April 16

    foothold was definitely hard, but now trying to understand the escape. Does anyone have the documentation they can refer me to?

    Edit - figured it out.

  • Fun box and great experience... Thanks @felamos
    Much thanks to @0xLich and @godylockz

    sicario1337

    Happy to assist and 'Respect' is always appreciated
  • Really fun box which taught me a lot, thanks @felamos.
    Thanks also @sicario1337 for keeping me on track.

    PM if you need a nudge.

  • I got root after a long journey.
    Mega thanks to following friends:
    @xtk and @mcdave2k1

    They helped me to solve the very hard box.

  • FInally rooted one of the most challenging box so far.
    User is quite straightforward, everything is in front of your unobtainium app :smile:
    For root, you have to be familiar with containers, so thanks to tahaa and dionysus for bringing me to the right road.

    Hack The Box
    Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • I've just started on this box, having fun already :) Did anyone else notice that the favicon resembles the one used by the Dutch newspaper "de Volkskrant", or is it just me? (http://www.vk.nl)

    image

  • This was really well done for sure! Lots of fun.

    jessica0f0116

  • Type your comment> @CounterSu said:

    I've just started on this box, having fun already :) Did anyone else notice that the favicon resembles the one used by the Dutch newspaper "de Volkskrant", or is it just me? (http://www.vk.nl)

    Got user! Took me a long time since there was a lot of new stuff to learn; the box employs some techniques I didn't know - but do know now. Great experience so far!

    image

  • Great box, the foothold especially was really cool. The different tools I used and ideas I had to follow through were very exciting and just that was already a lot because I learnt quite a lot of new stuff.
    The root part had me very confused and I really wasn't sure what I was doing until the end. Even after that, I plan on doing that box a few more times to carefully take notes along the way because I still feel like in the middle of the smog.
    Overall, really cool box, and I really loved the foothold :) Thanks @felamos

    dragonista

  • Very very interesting box, good job to @felamos for something different. The foothold was quite convoluted for me, as I am not familiar with the language, but the root part instead was fairly smooth and quick, but very real-word like!

  • Finally rooted this box!

    Thanks @felamos, I had a great learning experience both with user and root. The great thing about this box is that it forced me to research new techniques and methods - and exploiting them. What a ride.
    Respect towards @sudneo. Could NOT have done it without his help and advice!!

    Some hints:
    User: Everything you need is in the app. There is more than one way to reverse and use it.
    Root: Once you figure out how the container is managed, follow the yellow brick road. Enumerate and research. This quite a new path so resources might be limited. Be persistent!

    image

  • edited May 16

    Finally root, this took me a lot of effort I'm sure who is familiar with technology involved can solve the box with less trouble than I had.

    Foothold/User: analyze carefully what you have and extract useful informations. At some point with enumeration you should be able to find the right path, try not to pollute with too much enumeration.

    Root: once you're in classical enumeration will make you understand that something is behind the scene. Here I had to do a lot of study and google-fu. You need to create something malicious (using same approach as foothold) that could allow you to reach the goal.
    I managed to retrieve the flag and a shell, but it was really unstable I don't know if anybody experienced the same situation.

    Thanks for the box!

    alemusix

  • Dm me if you want any nudge

  • Type your comment> @alemusix said:

    Finally root, this took me a lot of effort I'm sure who is familiar with technology involved can solve the box with less trouble than I had.

    Foothold/User: analyze carefully what you have and extract useful informations. At some point with enumeration you should be able to find the right path, try not to pollute with too much enumeration.

    Root: once you're in classical enumeration will make you understand that something is behind the scene. Here I had to do a lot of study and google-fu. You need to create something malicious (using same approach as foothold) that could allow you to reach the goal.
    I managed to retrieve the flag and a shell, but it was really unstable I don't know if anybody experienced the same situation.

    Thanks for the box!

    it is not unstable, is HTB that thinks that everything is a "race condition" and cleans everything shortly

  • edited May 19

    Is anyone available for a quick sanity check on the foothold?

Sign In to comment.