Hint for Sunday

Comments

  • @3lpsy said:
    If you're struggling going from user to root, you may want to start over with your enumeration. It's aggressively simple. I know that sucks to hear if you're struggling, but once you see it, you'll have root in less than a minute. My hint is to ask "what can this user do"? Also when you do see it, you do not need to mess things up to get the flag so be considerate as, according to this forum, many people are trying to modify sensitive files when it's not necessary.

    This. just got root without modifying or exploiting anything.

  • edited June 2018

    Any help with the initial foothold?

    I have:

    • Found all open ports/services running
    • Enumerated users via the lowest port service
    • Tried running every default password (in Hydra) I can think of against all found users on the service whose port has been changed for security.

    No dice. Am I overlooking a common password? Would greatly appreciate a PM if anyone can point me in the right direction.

  • ROOTED! Hahaha, laughed my ass off when I found out how to "priv esc". No exploit, no cracking, nothing needed. Just basic Linux commands and Wireshark...

    raystr

  • edited June 2018

    @xnumber7 said:
    Any help with the initial foothold?

    I have:

    • Found all open ports/services running
    • Enumerated users via the lowest port service
    • Tried running every default password (in Hydra) I can think of against all found users on the service whose port has been changed for security.

    No dice. Am I overlooking a common password? Would greatly appreciate a PM if anyone can point me in the right direction.

    Yes, the password is stupidly easy. Like, it's right-in-your-face easy. This is for the first user, which you will then use to find a way to get access to the second user. The method for the second user is much less in your face.

  • Just rooted this. Feel free to PM me if you need a nudge. :)

    Sh311c0d324

  • I managed to get the root flag, but I don't know how to get a root shell, which makes me think that maybe I didn't get it the right way. Can someone PM me to see if I got it the right way?

  • Finally got root flag, will have to thank @macw141 and @UN1X00. Sorry for irritating you guys, but hints got me through.

  • Got root, lovely little box.

  • Any hint? I log into the machine but can read user.txt ...

  • hey guyzz, need a pointer.
    got in,
    found a troll....its trolling me,
    any hint how can i troll the troll ??? hahaha

  • I'm also stuck on the priv esc from the first user, if someone can PM me with some hints, it would be greatly appreciated

  • Wow, enumeration really is your bread and butter, I'm kicking myself for not checking (spoiler) location first, I was able to get the second user within five minutes after looking there

  • Everyone seems to have guessed the initial password easily. I have enumerated users using the service on the lowest port and tried hydra -e nsr + other guesses based on the name of the box to authenticate to port xx0xx. Brute forcing with a larger wordlist would take days over my connection. What else should I be trying?

  • I've read that people are getting more than 2 ports open on their scans. I was able to enumerate users on one of the services but get authentication errors on the other port. I am only getting those two ports and nothing else. When trying to scan on the Free servers it is taking ridiculously long. Is this normal? Can someone point me in the right direction?

    H4ck3d5p4c3

  • ok... I got user.txt and am having trouble with root... I really have no idea what to do next :(

    H4ck3d5p4c3

  • alright nevermind.... I got it finally... fml!

    H4ck3d5p4c3

  • Any subtle hints on how to privesc using that **do application? Can't see anything I can use to leverage on.

    Hack The Box

  • the idiot that keeps changing the sudoers file. YOU DONTTTT NEEEEEDDDDDD TO CHANGEEE ANYY FILEEEE!!!!!!! worst case, if you edit it and you see an error JUSTTTT GETT ITT BACK THE SAME ASS IT WASSSSSS. HTB should ban people that crash the box for like 30 min from using it

  • So I've got some users enumerated... I've found out the ports open, but I really cannot get in... there seems to be something that I am missing... many of the comments have confused me.... need a nudge on how to get an initial foothold.

    pzylence
    OSCP

  • @pzylence - I am in the same position. Found a bunch of default users, and tried to guess the password... which should be something super obvious that's often done on HTB or in CTFs in general. Seems I have no luck this time - I managed to guess the obvious / "in your face" credentials for Nibbles and Valentine, but I find this challenge much more difficult and less obvious. So far I tried - unsuccessfully - with a wordlist of my own with about 200 seemingly obvious guesses for passwords (trying to apply my Nibbles or Valentine mindset ;-)), tested against all the users I know.

    As all the users that I could find easily are default users, and none of them had logged on before, I wonder if you also have to guess additional users / use a more exhaustive wordlist for users. I already tried some "obvious" additional users not on the default wordlist (that the enum tool uses that I suppose many here are using).

    But I am not ready to give up and use a huge wordlist - I take a break and wait for inspiration to hit me with ideas for new "obvious" usernames and passwords :-)

  • I've tried all sort of things with the s*** from Sammy, I cannot read nor download files with no permissions. Overwriting important files is not working either. Can I get some hint? I've read certain man pages like 5 times now...

  • I need help for priv esc, PM me please

  • Shoutout to everyone who feels the need to change all the passwords.

  • I see the tool I need to use for root but keep getting "No permission to list directory." Any hints would be rad.

  • @s2233 said:
    Shoutout to everyone who feels the need to change all the passwords.

    fwiw this is not malicious - root escalation gone wrong/done badly blame google.

    izzie

  • @3lpsy said:
    If you're struggling going from user to root, you may want to start over with your enumeration. It's aggressively simple. I know that sucks to hear if you're struggling, but once you see it, you'll have root in less than a minute. My hint is to ask "what can this user do"? Also when you do see it, you do not need to mess things up to get the flag so be considerate as, according to this forum, many people are trying to to modify sensitive files when it's not necessary.

    Any clues? Have enumerated multiple times with various scripts but can't see a vuln or anything to run to get root without exploiting or changing anything :/

    izzie

  • Any clue to be sammy?

    ghroot

  • edited August 2018

    Spoiler Removed - Arrexel

    izzie

  • Okay, finally got root flag, but not sure if it was correct.

    Just want to confirm (if you can't say, please PM me): can you actually get a root shell, or is it just CTF on this box? I am rather new so still learning :smile:

    Also this would have been a lot quicker if people did not keep breaking the box. Just need enumeration; there are enough clues in this thread, the most important one is "What can this user do?".

    No idea why someone deleted the passwd file :disappointed:

  • edited June 2018

    OK, I was trying with the wrong user.
    There is a sa... and a su....

    Enumerate 667544 times to get it
