Jerry

@melka of course it’s not the fault of the machine or the machine creator, it’s just because the machine is pretty easy to root.

Also I agree that machines like this would be a good idea to have a mechanism, maybe an automated script to prevent the credentials from changing, restart services when not responding etc…

Just a lil tip - when you do find the flags - if youre unable to cat them properly (no output , shell crashes etc) copy the file to a new file that doesn’t have the long spaced out name - legit i spent almost all of my time on this box dealing with crashing shells and ■■■■ due to this.

R00ted. If anyone needs help PM me.

unstable this machine

Rooted this machine with 8 steps only. PM me if need help.

rooted, thanks

Quick and easy box. I just did it without any of the stability/password problems that others have reported.

Sometimes we all need a piece of cake (or two)!

The easiest box on hackthebox.eu :smiley:

Rooted yesterday evening. I like the last little challenge with figuring out how to read the flags, something I never encountered before but a little Googling and I got it. Thanks for the hints folks!

@GingerHackz said:
Just a lil tip - when you do find the flags - if youre unable to cat them properly (no output , shell crashes etc) copy the file to a new file that doesn’t have the long spaced out name - legit i spent almost all of my time on this box dealing with crashing shells and ■■■■ due to this.

I found a Linux command that also works in Windows if you have the right shell, then a set of certain punctuation characters does the trick. I actually liked that little bit of a last challenge here, made the box fun.

r00ted. Learned a lot thanks for the box :slight_smile:
need any hint without spoiler → pm

VIP and people still changing the password within 30 seconds of restarting

I have no issues with this one though, basic enumeration and wordlists should get the job done.

Creds different for different dirs? Or is this a password being changed issue?

Password being changed, I think. I (luckily, from reading the rest of the thread) didn’t run into any issues with different directories having different credentials.

nikto does more than half of the job

I got the SYSTEM on the box, however I am having issues accessing the flags. Tried a lot of stuff with local users, but still getting Access Denied when doing a type on the file

@T0x1cSil3nce said:
I got the SYSTEM on the box, however I am having issues accessing the flags. Tried a lot of stuff with local users, but still getting Access Denied when doing a type on the file

My mistake. Solved!

@xtech said:
ok who thinks that HTB admins are changing the password on purpose for people to buy VIP Services? i mean no one is that fast to change the password in 30 sec after reset

@xtech said:

@smjogi said:
I use vip. There aren’t that problems.

yeah thats what i mean. these machines are made like this so we buy VIP services

Ha, yeah I don’t think HTB admins are conspiring to ■■■■ off free users into upgrading? I could be wrong, but I’ve been a paid member from the first day I signed up and I have had a ■■■■ of a time with the credentials that eventually worked after a reset and I know no one changed the creds, and HTB admins wouldn’t be pissing off paying customers by changing things on boxes just to make them upset. Something else is the cause. Just my two cents though…

If you want to check that you used the right password you can PM me with the ones you’ve tried