Bashed Priv Esc Exploit

I found what seems to be a local priv esc exploit and it works ‘sometimes’. At least once I did escalate to root but it seems the box hangs shortly after but it is usually when there are a lot of users on the system so I don’t know if it is me hanging the box. Are any exploits being blocked from running? Any known to crash the box? I see a lot of users going other routes and will try that as well but this seemed to be a pretty quick way to exploit if the box will stay up long enough to cat the file.

You don’t need any exploits for this box, look around, you’ll see something different that can be used, this box is easier than it looks! As with most boxes on HTB the name is a hint

you don’t need any exploits for this box, just look harder - do you see something unusual on the machine maybe?

Running a privesc enum script would most probably shed an highlight on what you are looking for.

@s3crumin814 said:
you don’t need any exploits for this box, just look harder - do you see something unusual on the machine maybe?

Ugh I feel so noob, I have no idea how to use that “something unusual” I found :frowning:

I got shells running as two different users. Still trying to figure out how to root it! I have enjoyed this box so far!

I just got the root flag. I’m curious to see how others did it. If you want to discuss send me a PM.

Hi to all I am new here. Very fun place to be
after crashing the box.
I start looking :slight_smile:
I found the file I modified and stile no luck .
am I missing something

hoping this isn’t a spoiler but thought i’d share my experience after rooting this box. I was able to own the user quickly as much of you have done too. I could find key files that i needed to find but couldn’t find out how they were doing what they were doing. I did the enum stuff. something seemed ‘automated’. I ignored that part in the end and just did what I thought I needed to do with those files.

@Gr00tIsR00t The “something seemed automated” is what prompted me to do what I did as well. I checked my enumeration output and did not see what I was hoping for. However, I tried what my gut was telling me and it worked.