Hint for Waldo

1246719

Comments

  • @waspy said:

    @Pratik said:
    Rooted this box. Getting root flag was tough but got it. Cheers!

    in the file we should put a case that read root.txt for us
    am i on the right track

    Not quite. Would the compiled program be able to read the flag?

    gedsic

  • @Cli3nt said:

    @The5thDomain said:
    Can anyone PM me a nudge in the right direction for Privesc? I'm aware of the file that is able to do stuff it really shouldn't...not sure how though or how to replicate it.

    Same here, anybody here who can give me a hint?

    I wasted my half of day behind that file nothing worked finally i read the root flag using some other binary

  • > @venki9990 said:
    > @Cli3nt said:
    >
    > @The5thDomain said:
    > Can anyone PM me a nudge in the right direction for Privesc? I'm aware of the file that is able to do stuff it really shouldn't...not sure how though or how to replicate it.
    >
    >
    >
    >
    >
    > Same here, anybody here who can give me a hint?
    >
    >
    >
    >
    >
    > I wasted my half of day behind that file nothing worked finally i read the root flag using some other binary

    same what a rabbit hole

    Arrexel
    OSCP | I'm not a rapper

  • edited August 2018

    Any hint for priv ecs? I was thinking I should edit loxxxxxxxx file, but after read the posts, I think i am in a wrong way?

    Updae: NVM.

  • is it possible to get root ?

  • @seiyathesinx said:
    is it possible to get root ?

    Yes. Of course it is possible to get root.

    Hack The Box

  • @gedsic said:

    @waspy said:

    @Pratik said:
    Rooted this box. Getting root flag was tough but got it. Cheers!

    in the file we should put a case that read root.txt for us
    am i on the right track

    Not quite. Would the compiled program be able to read the flag?

    i got root and has no deal with thous files, there is a bin running as root use it to get the lag

  • @seiyathesinx said:
    is it possible to get root ?

    yes, but not necessary

    cdoisponto

  • What do you guys mean by m****** user? What have I missed? Like someone said before there's nothing in passwd, I'm in as n***** user at the moment.

  • @hattonsec said:
    What do you guys mean by m****** user? What have I missed? Like someone said before there's nothing in passwd, I'm in as n***** user at the moment.

    Same as you. Not understanding that m****** user.

  • edited August 2018
    *Spoiler Removed - Arrexel*

    Arrexel
    OSCP | I'm not a rapper

  • Finally got root, the vm is epic except for the first step for privesc (the so mentioned ssh with user m******) which I think is a way too long shot to even think about it (I was so paranoid that I just tried it out of desperation).
    So to give a hint about it, just do normal enumeration and think about what looks weird about it all, then try to guess (and prove) what's going on and guess again how you would be able to escape with all the information you have, don't spend time building other stuff or doing crazy shit, you have it all in front of you (just need a breakthrough).
    Once you have escaped, you still have some fun ahead :D

    Hack The Box

  • Still struggling with priv esc...Can someone hint to me whether or not res*********.sh has anything to do with priv esc?

  • Is anyone awake that wouldn't mind working with me to nudge root? I've gone back and forth and I know im missing something silly...need to bounce ideas off of someone!

    Thanks!

  • I would love some advice on the initial step. I have found some interesting files and can read those but no idea how to proceed further

  • For the love of all hacking STOP RESSETING THE Fing box. OMG enum a little.

  • Can anybody offer a gentle push in the initial steps. Have enumerated the directory that the page is located, have found code for several pages, but not managed anything further. Thanks

  • @richeze said:
    Can anybody offer a gentle push in the initial steps. Have enumerated the directory that the page is located, have found code for several pages, but not managed anything further. Thanks

    Same here. Also suspected that a proxy like BS must be the key. However made almost no efforts. For some reason cannot make the foothold. PM?

    hopihallido

  • @hopihallido said:

    @richeze said:
    Can anybody offer a gentle push in the initial steps. Have enumerated the directory that the page is located, have found code for several pages, but not managed anything further. Thanks

    Same here. Also suspected that a proxy like BS must be the key. However made almost no efforts. For some reason cannot make the foothold. PM?

    Feel free to include me as well - im at the same spot and have found some source code/files.

  • Anyone able to drop me a PM with a hint on user, I am able to read files etc... but not sure what to do next

    Mochan

    Checkout my Dropbox of Goodies >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0

    [CCNA R&S] [OSCP - In Progress] [Security+ - In Progress]

  • I definitly need help on privesc, you can catch me on mattermost or send me a PM. I feel like i can already smell it but dont get it yet.

    image

  • fyi.. waldo is in the bottom left hand corner of the background if anyone is wondering. Ok back to trying to get user!

    Hack The Box

  • Got root - nice machine and definitely worth the time - learned something "new" to look into while doing enumeration. (Even if its 10+ years old)

    image

  • this one still has me stumped- Im using burp, zap - its clearly a traversal thats required for user. have googled php , php exploits and nothing seems to return anything. Either i'm missing something completly or it because the box keeps getting reset and I belive its hammered with a brute force at times

    ZaphodBB

  • OK quite fustrating - something i have tried before several times in the last few evening now appears to work.

    ZaphodBB

  • Got a private sshkey, any one there to give me a hint on how to get the passphrase please ?

    Hack The Box

  • Thankyou - I finally got what i presumed was the answer to work, although for some reason it wouldnt work the last few nights.

    That link is a very usefull refrence

    ZaphodBB

  • Feel as if something is staring me in the eye and im completely missing it...

    Mochan

    Checkout my Dropbox of Goodies >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0

    [CCNA R&S] [OSCP - In Progress] [Security+ - In Progress]

  • I only can read html, localhost, can't list more.
    I need some help. :d

    sckull

Sign In to comment.