Hint for Waldo

13468919

Comments

  • Could someone let me know if a certain file in a folder that had to be accessed by "pushing" is whats needed for privesc or is part of the solution ?

    ZaphodBB

  • any body can pm for priv esc am very stuck and for a long time

    Raouf09

  • edited August 2018

    WOW... getting root was straightforward as long as you don't get caught pwning with horse blinders on. Great box!

    Also, there is enough hints on here to figure it out with enough effort.

  • @JeanMichel said:
    If you are stuck at the enumeration and you can only see "html" and "localhost", imagine that the filter only delete "../" of your request, but not the total string ^^, so it's breakable, I didn't use weird characters like %2e etc... It's really easy ! Don't think too much :p Hope I helped someone

    THANK YOU

    WillIWas

  • Enjoyed this machine... Thanks to those who gave some great hints... Learned some new linux commands on this machine and some other techniques....

    For those stuck on initial foothold: There are a couple of posts here, some with articles, that will help you out a lot!

    For those stuck on the priv esc and steps before that, the key is research to what you have "access" to for the first part and then what can help you and you have access to to get what you need....

  • ARRRRG, back here again. I'm able to see the user.txt file, however there is a filter not allowing me to read it... how can I bypass it? or do something else? Am I going the wrong direction? PM me :)

    WillIWas

  • If you need help on initial access I'm ya guy!!! :-1: ) Working on privesc.
  • That's something new for privesc. Wow!

    SymR

  • I'm stuck. I tried a few things on transversal but I looks like i'm not experienced enough.
    Could someone pm and explain me what I'm doing wrong?
    THX

    Fluxx79

  • man I would love to know how people are broadcasting messages on this machine. thats cool... the 'wall' command won't work for me

  • edited August 2018
    *Spoiler Removed - Arrexel*

    Arrexel
    OSCP | I'm not a rapper

  • Hi Im Having trouble on last stage of Priv Esc (hopefully). I have logged in as the M* user and have escaped, but reached a block. Any hints / nudges would be appreciated either here or by PM to avoid spoilers . Done the usual crontab, look for suid binaries, permissions seem good.

  • finaly got ROOOOT pffffffff
    a lot of thing to learn

    Raouf09

  • @Djinn45SQL99 said:
    man I would love to know how people are broadcasting messages on this machine. thats cool... the 'wall' command won't work for me

    export PATH

  • Nice PrivEsc!!! I learnt something new about Linux and enjoyed this box very much. If you need hints feel free to PM me!

    ulisses

  • Can someone PM with with priv escalation? already logged in as m******

  • Looking for help with priv esc. I have mo***** but cannot escape limited shell.

  • Finally got root. Happy to help those who stuck to on priv esc.

    Hack The Box

  • WOOOW omg root was achieved.....
    Learned a really cool new thing to check for during priv escalation. Also cool to know that this exists in linux.

    PM if you need help guys Shout out to AcEb0mb3R for helping me get root!!!

  • HIi guyzz... i have the key, IK its the key which has to be used,
    I am not able to remove the bad chars from it.
    I tried curl command, tried removing manually, doesnt seem to be working.
    :(

  • got it :( wasted a lot of time on this key

  • Hiya folks. Kinda stuck as the m*. i have escaped the shell and looking for clues.found some, but still stuck on what to do. Can someone pm me with a hint? Thanks!

  • edited August 2018

    Finally got root.txt - What a journey! Certainly a unique HTB...

    Had great fun nonetheless - If anyone is incapable ;) of priv esc or user drop me a quick message.

    Mochan

    Checkout my Dropbox of Goodies >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0

    [CCNA R&S] [OSCP - In Progress] [Security+ - In Progress]

  • Got root.
    Really interesting box, if you know and use this function of linux before, it would be really easy to solve it, but if not - you need spend some time to study.

  • Quick question - Were people about to get logged in / root shell? Or only able to view root.txt ?

    Mochan

    Checkout my Dropbox of Goodies >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0

    [CCNA R&S] [OSCP - In Progress] [Security+ - In Progress]

  • Wow got root, got to say I will be updating my scan programs, so major kudos @strawman for the box, and thanks to @Fl337 & @Mcruz for the assists.

  • Rooted + Pro Hacker! This box was all types of mindbuggery. Definitely have somethings to research. Still confused on "why" my escape worked, if anyone has any good resources would appreciate it! If anyone needs some nudges feel free to PM me with what you've tried so far.

    Hack The Box

  • Finally...Root! Haven't got root shell, but root.txt is what I needed.

Sign In to comment.