Hint for Waldo

1679111219

Comments

  • @drmz said:

    @muditjais said:
    load key invalid format solution??? or m i doing something rong??

    Yeah, go over a valid private key (some examples online) and see what's wrong with yours

    yeaaa got user up for root.txt

  • edited August 2018

    I'd appreciate it if someone could PM with a hint for the foothold, I can browse the file system fine but I must be missing what I'm supposed to be looking for...

    edit: Nevermind rebooted the box and what I needed was there

  • Got root, I am wondering is there another way to get the flag using another version of l****m binary, feel free I am here to talk about!!

  • Finally got root! It was a journey indeed. You need to know what you are capable of ;)

  • a little question, maybe I am doing something wrong:

    got user, I would open a meterpreter session, and I have the key, but from msf I can only open a basic shell with auxiliary/scanner/ssh/ssh_login_pubkey:

    Active sessions

    Id Name Type Information Connection
    -- ---- ---- ----------- ----------
    2 basic linux SSH xxxxxxxx (10.10.10.87:22) 10.10.xx.xx:41023 -> 10.10.10.87:22 (10.10.10.87)

    When I try to upgrade to meterpreter (sessions -u 2), the result is:
    [*] Executing 'post/multi/manage/shell_to_meterpreter' on session(s): [2]

    [!] SESSION may not be compatible with this module.
    [*] Upgrading session ID: 2
    [-] Shells on the target platform, linux, cannot be upgraded to Meterpreter at this time.

    Always done it, but this time is not working.
    Have u idea of what it's going on?

  • Hi
    Can anyone one give me some pointers for privilege escalation?
    Thanks

    Hack The Box

  • I've been able to "enumerate" in the sense that I know HOW to find files that I need to move forward. The problem I'm having is how to GET or READ those files. Any tips are appreciated!

    Curve

  • @Curve said:
    I've been able to "enumerate" in the sense that I know HOW to find files that I need to move forward. The problem I'm having is how to GET or READ those files. Any tips are appreciated!

    can you read any other files? maybe in the same folder? that way you might be able to figure out what actually is happening...

  • @p3tj3v said:

    @Curve said:
    I've been able to "enumerate" in the sense that I know HOW to find files that I need to move forward. The problem I'm having is how to GET or READ those files. Any tips are appreciated!

    can you read any other files? maybe in the same folder? that way you might be able to figure out what actually is happening...

    I can see the files, but I can't seem to figure out how to read them. I wish I could say more (tools I'm using, etc.), but I'd be giving too much away.

    Curve

  • @Curve said:

    @p3tj3v said:

    @Curve said:
    I've been able to "enumerate" in the sense that I know HOW to find files that I need to move forward. The problem I'm having is how to GET or READ those files. Any tips are appreciated!

    can you read any other files? maybe in the same folder? that way you might be able to figure out what actually is happening...

    I can see the files, but I can't seem to figure out how to read them. I wish I could say more (tools I'm using, etc.), but I'd be giving too much away.

    Alright.. I figured out what you were referring to. I got something I think I need.. just need to figure out how to use it. Thanks for the tip!

    Curve

  • Hey, can anyone give me hint about priv-esc? Escaped "jail" e.g. i'am at user m**** but then there is some r****.sh and l*m which im not sure what to do with them, probably get a hint that you must be capable but i cannot find right tools on the machine so any hint would be awesome!

  • waldo scared the cat

  • Managed to access the n****** folder. Dunno what to do, since there doesn't seem to be anything useful in that folder.

  • @AlwaysLivid said:
    Managed to access the n****** folder. Dunno what to do, since there doesn't seem to be anything useful in that folder.

    I got the right file, but I can't use it for some reason. Permission Denied. I'll be honest, I just haven't used this authentication method before.

  • got the m****** user, escaped from the little jail... any hint? D:

  • @gigi944 said:
    got the m****** user, escaped from the little jail... any hint? D:

    Look at the app-dev programs and the source code, why is their behaviour different? There's hints all over this thread

    jamesa

  • edited August 2018

    nevermind

  • Rooted but didn’t used the log******* to root, can someone guide me used log******* to root?
  • anyone can pm me about priv esc to root, i need a hint.. i am hitting my head aganst log******.

    Hack The Box

  • @0xlc said:
    anyone can pm me about priv esc to root, i need a hint.. i am hitting my head aganst log******.

    It is a decoy, let it go...

    Btw just got root. Really hate this box. It forced me to learn some stuff I have never heard before.
    Big thx for @mcruz and @MrWest3r for the help!

  • @SecThor said:

    @0xlc said:
    anyone can pm me about priv esc to root, i need a hint.. i am hitting my head aganst log******.

    It is a decoy, let it go...

    Btw just got root. Really hate this box. It forced me to learn some stuff I have never heard before.
    Big thx for @mcruz and @MrWest3r for the help!

    i get it, but i don't find any suid files to execute as root as well

    Hack The Box

  • edited August 2018

    nvm

  • Any leads on the thing after log*******?

    I know that I probably shouldn't even ask for advice and do the damn thing already, but I keep seeing nudges all over the thread and some of them are pretty much kinda contradicting each other.

  • UPDATE: Look it up on Google. Don't ignore the thing you don't know how to use, if there's such a thing.> @AlwaysLivid said:

    Any leads on the thing after log*******?

    I know that I probably shouldn't even ask for advice and do the damn thing already, but I keep seeing nudges all over the thread and some of them are pretty much kinda contradicting each other.

    UPDATE: Look it up on Google. Don't ignore the thing you don't know about, because this is pretty much the key to the thing you exactly need. Won't take more than 5 minutes of research if you know exactly what you're looking for, trust me.

  • getting user is very straight forward after you understand the process, took me longer than it should have, anyway now root X___X

    Hack The Box

  • edited August 2018

    rooted.. positive rating

    Hack The Box

  • Took me hours to root this box. Learned something new today.

  • I think this should be added to some known linux privilege escalation checker.

  • edited September 2018

    I learned what i am capable of. Though, need any educational hints. Stuck here.

    edit: got root. For priv esc part. You really need to know what you are capable of.
    I just reached root flag. Can anyone pm me about how to get root shell ?

    Hack The Box

  • Can anyone PM me to give me a nudge on how to escape the jail? I've got the user flag already and enumerated the environment I'm in (n****** user), but I'm not seeing a way to escape.

    iwanteggroll

Sign In to comment.