Sneaky

I just saw that comments were deleted by spoiler.
I really do not remember what I said, but I trust the judgment of the person who erased them.
I simply wanted to apologize if I could comment on something that would reveal information.

Still having trouble with this machine. I have enumerated all TCP/UDP ports and even SNMP. I see that SSH is running and a specific user is connected to it but don’t know what port. What am I missing?

@unknown084 said:
Still having trouble with this machine. I have enumerated all TCP/UDP ports and even SNMP. I see that SSH is running and a specific user is connected to it but don’t know what port. What am I missing?

Enumerate SNMP… don’t ask here… Google is your best friend, ask your best friend. :wink:

So I got a shell but need a starting point to do priv esc… any hints? I tried uploading a Meterpreter payload and executing it… no luck. I used a .sh extension… any other leads?

@r41nm4k3r BoF is required to escalate - or at least that’s what I did. I don’t know, though, if there is another way…

okay

Even I am stuck. I know what port is open, got the key, I know which port is dedicated on the victim for the key, but stuck on the lock.

Try using a different tool to help you enumerate more information about the system, which will tell you how to find the lock.

So I have access but I’m trying to figure out where to start with BoF. This would be my first time using this route and is this a good box to go forth with it as a first timer? Any pointers to some guides on the process or how to?

@ipatchcables Sneaky is definitely a good box to start with BoFs even if you haven’t had a lot of experience with them before. The BoF in this box is very easy/basic (check what executable properties are enabled :wink: ) and can be exploited using different techniques!
Good luck :+1:

Smash the stack by Aleph One

Sneaky is probably the “easiest” of the few different BOF techniques on the HTB machines. Fairly straightforward and great to learn on.

■■■. I started the topic but still I got user :slight_smile: , I haven’t started the BOF though. Maybe this weekend, but I really need a lot of info about the BOF topic. Any links or suggestions for a beginner like me?

I have managed to log in and acquire the RSA key. I have tried to follow the hints given in this thread; I have performed different scans with nmap and an snmp-check. But I can still get no information on either which port to SSH to or the IPv6? address.
Anyone care to give some pointers on what to look for?

Hurry, that box will be retired soon. About priv esc: there is a video that works 100%.

@MrWest3r said:
I have managed to log in and acquire the RSA key. I have tried to follow the hints given in this thread; I have performed different scans with nmap and an snmp-check. But I can still get no information on either which port to SSH to or the IPv6? address.
Anyone care to give some pointers on what to look for?

Those tools didn’t help me much either - they just check a set list of things. Try another snmp tool that gives you as much raw output as possible.

Can someone PM me with a hint/guide. I’m pretty sure I have the correct binary file as when I run it I get “Segmentation Fault”. Am I on the right track?

@ipatchcables - yes, you’re on the right track. Now you have to research exploit development and use the proper tools to investigate the binary and learn what it does and why it is segfaulting - and then how to make it do what you need it to do. As far as any tips for buffer overflow … it’s a very broad category and there is no “magic command” or any guide that will walk you through this particular scenario step by step … you must research the topic and learn as much as you can about the subject and develop your own methods and techniques. That’s the intended point of this machine and the reason it is so very valuable to the community for learning.

Finally got in as user! For some reason, my snmp-tools would not work yesterday. Even after restarting the server a couple of times.
Now for the root!

Hey all, I have a mind-breaking problem in this box. So I got the tools to get in, but when I try to connect over the port I get an error message telling me that a warning and is unprotected, so I chmod the file to the right codes and then get a permission denied (publickey). I have googled for several hours on the matter and tried all avenues. I even thought it could be another problem with the openssl update, as I have troubles with the Beep machine due to updating too, but this seems different in some way, or am I missing something entirely? Happy to PM with people, but my mind is dust at this point and I can’t see another way into the system. I even went through this after trying for hours with the Ippsec video, but after learning lots about IPv6 it appears we went about this the same way too. Any suggestions would be gold to me at this point. Much love, Bex xx