Poison

1151618202123

Comments

  • r00ted. Again a tough fight, but learned a lot. Thanks for the box :-)

    hopihallido

  • edited July 2018

    Can someone help me with root? I already unzipped the secret file and I think I also found the right command to use it with. But I always get "Authentication failed". Can someone send me a pm?

    Edit: Finally rooted it :)

    cortex42

  • edited July 2018

    I think I'm on the last step and have a couple clarifications / questions if I could PM someone.

    EDIT Was able to get root. If anyone needs a nudge feel free to message me.

  • edited July 2018
    *Spoiler Removed - Arrexel*

    Revolution

  • So close, can I PM somebody for hints on v*******r? I can connect but whoami is just the unpriv user.

  • got user access and also learned a lot about service running to get root access but through that service also I am getting user access and not root access.please PM ...

  • edited July 2018

    Hi, I am struggling with the step after the user.txt and secret. Need some kind soul to help me on the tunneling... Anyone can DM me please?

    Edit: Guys, rooted, DM for Hints

    wilsonnkwanl

  • ok. Im at that 'grey screen' ive seen mentioned. Fix the display settings and im there.. Right?
    This has been a fun box. Learning loads.

  • Okey guys, solved it, PM for hints.

    wilsonnkwanl

  • edited July 2018

    Can i have a hint about how to fix the 'grey screen' ?

    @joe0x5a said:
    ok. Im at that 'grey screen' ive seen mentioned. Fix the display settings and im there.. Right?
    This has been a fun box. Learning loads.

  • If you look at the running processes, there are likely a few instances of that running. Be concerned about the one running on root and how you 'get' to that one.

    da1y

    OSCP | eCPPTv2 | eJPT

    I rarely check private messages, if you do ask for help, show your workings. I don't reply to wall posts.

  • edited July 2018

    i decoded the .txt using the methods mentioned in this thread and have the user/pass but I can't ssh with that...should i be able to?

  • Are you sure you're using the right user?

    da1y

    OSCP | eCPPTv2 | eJPT

    I rarely check private messages, if you do ask for help, show your workings. I don't reply to wall posts.

  • @Bear said:
    Are you sure you're using the right user?

    Just read people have been changing the password... may need to reset box :(

    da1y

    OSCP | eCPPTv2 | eJPT

    I rarely check private messages, if you do ask for help, show your workings. I don't reply to wall posts.

  • @Bear said:

    @Bear said:
    Are you sure you're using the right user?

    Just read people have been changing the password... may need to reset box :(

    I just tried and password seems to be ok.. if anyone can help with priv esc please pm me though!

    Hack The Box

  • edited July 2018

    @Bear said:
    Are you sure you're using the right user?

    I assume its the right user since the username was part of the file I decoded. I had seen the same user in the passwd file. I'll try a reset and see if that helps.

  • Yes.. finally got root. Was messing up one of the stupid ports in the final command. PM me if you need any hints!

    Hack The Box

  • edited July 2018

    Rooted. I learned a couple of things from this box. First, one of my go-to recon tools doesn't produce all the output I want on this particular OS so I googled a little and found another tool that provides the right information. Second, how certain services handle credentials (I am simply shocked, shocked I tell you).

    I had already in the past spent a long time learning about how to see the light at both ends of the tunnel going in both directions, and I tell you that week was TOTALLY worth it. It has been a lifesaver and a huge timesaver over and over again.

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    LegendarySpork

  • @royc3r said:
    i decoded the .txt using the methods mentioned in this thread and have the user/pass but I can't ssh with that...should i be able to?

    Also its Caps sensitive

  • Is it just me or yesterday this box had vnc service? Today I get only 22, 80. Does that mean that vnc is not important for this challenge or something else happened?

  • > @milosa said:
    > Is it just me or yesterday this box had vnc service? Today I get only 22, 80. Does that mean that vnc is not important for this challenge or something else happened?

    It still has it but you're looking in the wrong place

    Hack The Box

  • good maschine maaan the last bit give me the SH*****TS lol

    but got root aget +1 respect those who assisted me should mention name :)

    Arrexel
    OSCP | OSCE half way!

  • I managed to get root but I don't entirely understand how the process worked, can anyone PM me and explain it to me?

  • Wow... So easy yet tricky. Don't think too hard on decoding or finding a crazy convoluted procedure, research the service running on the machine and how the service runs, how it authenticates, etc. That should give you all the information needed to get root. PM me for hints.

  • I am at the final part, I can start the service but it logs into the normal account and not root. I really need help getting root on this box if anyone can lend a hand on what I need to do next :(

    heigou

  • Ive just rooted this box after like 3 days of trying and i have to agree with everyone that says that everything is here in the posts i got there in the end

  • I am on priv esc. I figured out the service running on the first date but now when i tried to enumerate the box, the service is no longer running. can anybody help me with this. Is the service running occassionaly?

  • Got the service running and tried to connect to it. Wasn't prompted for a password and screen is grey. What do?!

  • i'm not able to unzip a secret.zip file even i entered a right password today. yesterday it works fine but today it is not working. i pull it on my system i got only one file "secret" when i extracted with correct password. any thing goes wrong?

  • @jupitarsat said:
    i'm not able to unzip a secret.zip file even i entered a right password today. yesterday it works fine but today it is not working. i pull it on my system i got only one file "secret" when i extracted with correct password. any thing goes wrong?

    You are on the right track. You got what you needed from the zip. Enumerate running services and figure out how to use it.

    If any HTB users have helped you with a challenge or hint please consider giving them +respect on their profile.
    Here is mine is you would like to do so.
    https://www.hackthebox.eu/home/users/profile/50326

Sign In to comment.