Official Knife Discussion


Comments

  • Rooted!
    uid=0(root) gid=0(root) groups=0(root)

  • Rooted after some painful recon oversights. All the clues are in this thread.

    User: version numbers are your friend.
    Root: remember the basics, run some simple PE commands and the first part of the answer will jump out at you. After that, have a read of the online docs about that binary, the answer is in there.

    PM if needed

  • Hi everyone I have got access to shell but it is restricted can you please guide me

  • @nickhack said:

    Hi everyone I have got access to shell but it is restricted can you please guide me

    Write something to the system that lets you access it properly.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Need to review this as 1 star if you guys confirm its instability? otherwise it is only me!

    Easy as described, and not sure what "Chinese" part you're referring to? it is there on EXDB.

  • @salt said:

    Need to review this as 1 star if you guys confirm its instability? otherwise it is only me!

    Easy as described, and not sure what "Chinese" part you're referring to? it is there on EXDB.

    I had no instability on my end, also on VIP which may or may not matter. Usually on public ones if there are a bunch of people firing the same payload at once it might cause some instability.

    The 'Chinese' part is a reference to someone that wrote about the exploit where there is a Chinese link (version) of the blog as well.
    Not on EXDB but somewhere else fairly common search part

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • @acidbat said:

    @salt said:

    Need to review this as 1 star if you guys confirm its instability? otherwise it is only me!

    Easy as described, and not sure what "Chinese" part you're referring to? it is there on EXDB.

    I had no instability on my end, also on VIP which may or may not matter. Usually on public ones if there are a bunch of people firing the same payload at once it might cause some instability.

    The 'Chinese' part is a reference to someone that wrote about the exploit where there is a Chinese link (version) of the blog as well.
    Not on EXDB but somewhere else fairly common search part

    Sounds like the instability is on my side only, restarted the guest OS and now it is better!

    As for the exploit, the 1st result on Google points to EXDB, which is a fairly straightforward process.

    Thanks

  • Rooted, took me a while for both user and root, with some tips from this forum I managed to get both flags.

  • Solid box.
    DM for nudges.

    Harbard

  • I solved the box, if someone got a reverse shell or like any kind of interactive tty please contact me and tell me how you did it

  • edited June 23

    Ahh, restarted my shell and was able to get the command to finally execute.

    Hack The Box

  • edited June 23

    Finally rooted! And feel so dumb to have struggled with this for so long.

    User: Try a different tool if you typically use nmap. nmap shows a lot but you get something specific if you use a different tool (from what I found; could also be using options for nmap that wouldn't show it).

    Root: Struggled with this for way too long. Check out what you can do on the machine and then do some research on what your findings can do on the machine.

    Thank you to the comments and those who helped me as this was my second box. If you need help, DM me.

  • Got my Root, the hardest part of this box is probably just the initial foothold with how "little" is given to you.

    FootHold: ENUM, use all the tools and you should find something you can work with.

    User: Tired of forgetting your password? Never have to enter again with this simple solution!

    Root: read the docs, when you find it it's pretty in your face.

    Feel free to DM if stuck.

  • Please give me a hint. I got the user's shell, but I can't become root.
    I think I can use k*e ec, but I'm stuck there.

  • @Joeljp said:

    Please give me a hint. I got the user's shell, but I can't become root.
    I think I can use k*e ec, but I'm stuck there.

    You are on the right track.
    I found the online documentation easier to read regarding what to do.

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • Can anyone give me a nudge or check my k*e ec code, pretty sure I am super close to root but getting no input file specified, and whenever I actually get one working nothing is returned in the shell I have. Must be missing something very small here.

  • Rooted!
    Easy box, not at the beginning... You enumerate a lot and find nothing... When you discover some services and search on Google the light at the end of the tunnel is found. If you need help you can give it a nudge via PV.


    RECIFE POXA!

    Hack The Box

  • @cyberakira88 said:

    Can anyone give me a nudge or check my k*e ec code, pretty sure I am super close to root but getting no input file specified, and whenever I actually get one working nothing is returned in the shell I have. Must be missing something very small here.

    Nevermind, used a different exploit to get a more stable shell and k*e ec code worked perfectly fine. Guess I just needed to try a different approach.

    Box rooted and was actually quite fun for an easy box.

  • Fun box!

    da1y

    OSWE | OSCP | eCPPTv2

    I rarely check private messages, if you do ask for help, show your workings. I don't reply to wall posts.

  • Great Machine,

    If you are stuck it's all here in the thread.

    Feel Free to DM

  • Fun machine! Here are my hints:

    • Initial foothold: just check the technology in which the app is running and you should get the rest.
    • Root: just need to use the basics in order to get the attack vector.

  • Good box for a linux beginner.

    Found a new tool for User, Root was easy, it took longer than it should have to get the syntax right :)

  • Congrats @MrKN16H ! The first part has been Interesting, very recent

  • Fun and easy. I read about the incident by the time it occurred so I quickly spotted the vuln as soon as I saw the software version. Root was even easier. Just use a subcommand and run a command to get your root shell :wink:


    Feel free to send me a DM if you need some help. Just remember to tell me what you have already done so I don't spoil anything.

    y0k4i

  • Great box.... Gotta say that was one of the easiest easy boxes on HTB. Learned something new about an old gem!

    aut0exec

  • Has Anyone else had the 408 request timeout issue on gaining the foothold? I know I'm doing it correctly, I just don't know what is going on with the timing.

  • It was my first machine to crack loved it!!❤️
    was not easy but managed to get in😀😀
    little bit of googling worked.

  • Nice and very easy box.

    Foothold/User: Check the used technologies for exploits. Additional tools like Wappalyzer might give you better hints than the usual tools.

    Root: Check which commands you can execute and then research how you can use that to escalate.

  • Rooted. Feel free to hit me up if you need a nudge.

    My biggest hurdle for foothold (like many others have said) was not using a tool which gives more info about what services are running on the server during the initial enum phase.

    The biggest hurdle to root was the dumb shell I had access to once inside. It was obvious what I needed to do to get root, however my shell didn't quite... cut it.

    What methods did others use to upgrade their shells?

  • User flag was a logical approach. Little bit stuck on root. Trying harder. Already thanks for all the advice here on the forum. Appreciated.
