Official pivotapi Discussion

Official discussion thread for pivotapi. Please do not post any spoilers or big hints.

Comments

  • This is my first attempt at an insane box since I came back to HtB and I look forward to hopefully getting SYSTEM! Never beaten an insane box before and I hope that this lives up to its difficulty

  • edited May 10

    Ok, this is not easy. A bit down the path my usual tools fail me. I have made it all these years without installing IDA but perhaps now is the time...

    EDIT: That was a faulty assumption. Ghidra works just fine, just not on my Windows machine for now!! :(

    f1rstr3am

  • When you finally stumble out of that strange RE experience, you guess your way to RCE and realise you are still in prison...

    f1rstr3am

  • Type your comment> @f1rstr3am said:

    When you finally stumble out of that strange RE experience, you guess your way to RCE and realise you are still in prison...

    In the same position now. Using RCE to slowly look around, but the environment seems very restricted.

  • edited June 1

    I was in the same point, I had no clue where to go next, so I quit
    Edit: There is an unintended way in the machine, and I see I can do something, but I guess it was the unintented path, not sure thou

  • @kabutor said:

    I was in the same point, I had no clue where to go next, so I quit
    Edit: There is an unintended way in the machine, and I see I can do something, but I guess it was the unintented path, not sure thou

    I thought I found an unintended path related to common exploits for a privilege using a popular root vegetable. However, I got nowhere and I think the unintended routes have been patched.

    Sadly I am left with no idea how to progress this beyond a low priv shell! I've given up on it for a while to see if something makes my brain work better soon!

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Pretty much at same point as everyone else, managed to get root flag using unintended path before it was patched but couldnt get user flag using same method. If the veg path is also patched have no ides where to go now.
    Foalma321

  • Did anyone manage to root with veg path? Tried R***e veg but nothing so far.

  • Type your comment> @TazWake said:

    @kabutor said:

    I was in the same point, I had no clue where to go next, so I quit
    Edit: There is an unintended way in the machine, and I see I can do something, but I guess it was the unintented path, not sure thou

    I thought I found an unintended path related to common exploits for a privilege using a popular root vegetable. However, I got nowhere and I think the unintended routes have been patched.

    Sadly I am left with no idea how to progress this beyond a low priv shell! I've given up on it for a while to see if something makes my brain work better soon!

    Did you get anywhere?

  • @byt3punisher said:

    Did you get anywhere?

    No, I never got any further inspiration and then haven't had time to get back on the boxes. Maybe in a week or so - but still no idea how to actually do it.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Eventually got root. I was stuck for a while like everyone else trying things with the veggies collection but that's dead end afaik. All the hardening on the box is there for a reason: preventing such quick and easy path.

    It's difficult when being apparently this close from the crown jowels but here there's no choice but to take a step back and think of another path.

    When the veggy won't work, try the good'old doggy ;)

    amazing box, difficult in the sense there are a lot of steps but there's no ctfish trick, everything makes sense.

  • edited June 17

    Finally managed to move forward from the restricted environment, and got the user flag :)

    EDIT: Got root. The hint from @mfidel about dogs is a good one. Lots of steps from user to root, but the path is fairly clear.

    Thanks @CyberVaca and @3v4Si0N for an excellent box!

  • Got user thanks to @mfidel @camk @davad now onto root with the dog!

  • Nice work @byt3punisher Release the dogs!

  • Finally got root. Very fun box, really enjoyed it! :) Required a couple of hints and tooling advice on this one.. I have learned a lot.

    Happy to help, if anyone needs a nudge.

    dombg

  • Mad respect to @camk and @dombg for their suggestions and tips. Anyone doing this now don't waste time trying to break out of ur restrictive shells with ssh or reverse shells. Just look for ways to execute commands as the intended user.
  • edited September 7
    Hi guys! A small question - on one of the steps after "doggies" there is a need for reverse engineering again??
  • > @angryb1rd said:
    > Hi guys! A small question - on one of the steps after "doggies" there is a need for reverse engineering again??
    it doesn't matter, solved this part already!
  • Hi guys ! Got user after more than two months of suffering.
    Thanks again @camk for his help.

  • edited September 22
    Thanks @dombg
Sign In to comment.