Celestial hint

168101112

Comments

  • Just got this. If anyone needs a nudge, feel free to PM me. :)

    Sh311c0d324

  • goot root, nice box ;)

    L0s3r

  • Hello Friends

    I already found the file that is refreshed every 5 but my question is how to get a root shell, if you could give me a hint.

  • Hi, there,

    Some hint for the root shell

  • Just finished this one - that was a fun one, especially for a first-time n00b like me.

    My generic tips :

    • Watch your newline characters!
    • Keep the two bits you need to stop you from getting errors, discard the rest, add payload
    • Once you're in keep an eye out for permissions on files, and things that look similar inside

    Good luck :)

  • Just rooted, already know how it works but my scripting suck. :)

  • Got root . PM me for a hint or to discuss because I'm not really sure if I did it right

    Arrexel

  • Got root just now. Happy because I got a reverse root shell, not just read root.txt :)
    This was a pretty good box, especially the user part, I got lost into trying to find "the thing" giving root, was unecessary, but a message here gave my the infos I wanted :)

    melka

  • I keep getting the invalid username type. Can anyone give me a hint or pm me?

  • Hi guys, fifth day on this machine, I have the user flag and now I'm focusing on the priv esc ... I thought I was on the right track but obviously it does not work and I have no other ideas, could someone help me?

  • Celestial rooted, learned a lot a lot from this box, getting initial hold was difficult compared to root lol, root is really easy if we are alert enough to see what the box is showing us. Any hints needed anyone can DM me or can hit me up on discord at [Ruthvik#7626] Good luck Everyone !!

  • Was able to get user/root on this machine. If anyone needs a nudge feel free to message

  • Someone Leaked The root flag at home directory :| extremely sad. got rooot at just user access.

  • Why is this box so unstable? I got shell easily and cant do much else because by the time I run 2 or 3 commands the box is hosed and shell dies

    If any HTB users have helped you with a challenge or hint please consider giving them +respect on their profile.
    Here is mine is you would like to do so.
    https://www.hackthebox.eu/home/users/profile/50326

  • Sooo... got user, I see the timestamp change, and I can see the script that writes to that file. But when I change that script to my liking (i.e., open a reverse shell), nothing happens, and the script reverts to its original, including the timestamp. Which means it must be copied from somewhere, right? Well I haven't been able to find it. I feel this is the last step on my way to root. Hints are welcome.

  • nevermind... I was on the right track all along, just a stupid syntax error. This was a fun machine.

  • any help to install npm and cookie parser because i tried and always get this error when lunching the server.js

    Error: Cannot find module 'cookie-parser'
    at Function.Module._resolveFilename (module.js:536:15)
    at Function.Module._load (module.js:466:25)
    at Module.require (module.js:579:17)
    at require (internal/module.js:11:18

    Arrexel
    OSCP | I'm not a rapper

  • @sazouki said:
    any help to install npm and cookie parser because i tried and always get this error when lunching the server.js

    Error: Cannot find module 'cookie-parser'
    at Function.Module._resolveFilename (module.js:536:15)
    at Function.Module._load (module.js:466:25)
    at Module.require (module.js:579:17)
    at require (internal/module.js:11:18

    I get the same thing. Can any one PM me?

    Huejash0le

  • You don't need cookie-parser

    melka

  • > @melka said:
    > You don't need cookie-parser

    correct no need for that i got the user shell

    Arrexel
    OSCP | I'm not a rapper

  • any help for priv esc ? i found script running and an output text but im stuck with it
    pls pm for hint

    Arrexel
    OSCP | I'm not a rapper

  • there's actually no need for privesc to get the root hash on this one if you do a bit of forensic work... still worth learning how to exploit it though imo

  • rooted ..happy i got root reverse shell also

    Arrexel
    OSCP | I'm not a rapper

  • This box is a nightmare. Been trying to exploit the vuln but everytime I launch anything, the box fails and I get an Unable to connect to 10.10.10.85 :/

    Is anyone in the same situation?

  • edited July 2018

    This was such a great box. Learned some things, so thanks to @3ndG4me for the challenge. Took a few tries, but eventually with some helpful hints in here I got root.

    Shout out to the vid that helped me get a shell. Grazie, Andrea.

    Pavornoc

  • Got root and user !! Easy box !! PM for help!!

    Hack The Box

  • hi
    i got user
    and i know the file to edit to get root but vi dosen't work
    any idea ?

  • > @Txos1 said:
    > hi
    > i got user
    > and i know the file to edit to get root but vi dosen't work
    > any idea ?
    try echo "commands" > filename.py

    Arrexel
    OSCP | I'm not a rapper

  • Rooted! LOL

    Hack The Box
    If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/50022

  • @sazouki said:
    > @Txos1 said:
    > hi
    > i got user
    > and i know the file to edit to get root but vi dosen't work
    > any idea ?
    try echo "commands" > filename.py

    when i try echo it give me syntax error

Sign In to comment.