Poison

getting user was fun. Getting root - had to really think outside the box on this one. what frustrated me was i already use the method almost daily for other stuff. nothing fancy, just a lot of ENUMERATION as always (i hate seeing that word every time i get stuck)

Everything to solve the machine is already written here. It’s really easy.
If you read the posts here carefully you have kinda a step-by-step guide on how to solve this box.
If you are still asking, maybe you should continue to learn basics of networking and how UNIX based machines work.
This would make other boxes also easier for you.

The box was kinda fun :slight_smile:

@wirehack7 said:
Everything to solve the machine is already written here. It’s really easy.
If you read the posts here carefully you have kinda a step-by-step guide on how to solve this box.
If you are still asking, maybe you should continue to learn basics of networking and how UNIX based machines work.
This would make other boxes also easier for you.

The box was kinda fun :slight_smile:

R00ted. This is absolutely 100% true

having an "event not found " while unzipping!! any idea?
using unzip -p password zipfile.zip syntax
please help

@madbro said:
having an "event not found " while unzipping!! any idea?
using unzip -p password zipfile.zip syntax
please help

maybe download it to your machine

This box has me scratching my head (banging my head)… I know the service I’m looking for and I’ve used what I think is the method before to connect to a similar service on windows and I even get a connection although mostly grey screen with a terminal in the top corner but as regular user c***ix not root… I assume the secret file is the key but not sure what type of charset or algo I may be looking at? I’m thinking I need to use the user to tunnel through or am I off here? I think I’m close…

@3s073r1k said:
This box has me scratching my head (banging my head)… I know the service I’m looking for and I’ve used what I think is the method before to connect to a similar service on windows and I even get a connection although mostly grey screen with a terminal in the top corner but as regular user c***ix not root… I assume the secret file is the key but not sure what type of charset or algo I may be looking at? I’m thinking I need to use the user to tunnel through or am I off here? I think I’m close…

You’re close, maybe its not an algo or charset look at the man page of the thing you’re using to try and connect, then think about the file

Thanks for the tip… On my way to bed but I’ll be reading some man pages in the a.m! Always appreciate a nudge… wondering if I should be using X*** or **servr ?
Hopefully that’s not a spoiler…

@3s073r1k said:
Thanks for the tip… On my way to bed but I’ll be reading some man pages in the a.m! Always appreciate a nudge… wondering if I should be using X*** or **servr ?
Hopefully that’s not a spoiler…

Hey ! I’m stuck at this same place . I have been using the vv*wer via option without any luck.

I just woke up and about to try and Tackle this again, if I figure out anything I’ll hit you up in a DM

3 hours with nothing - how to do this -_-

its hard so much i just find the encode file with 13 times

and i can’t do anything about it

i tried ssh with it but nothing its says public key -_-

i hope i got any hint from you guys ^.^ help me to go out of noobs area

If it is encoded x amount of times then you need to decode it amount of times… Figure out the encoding and it should be simple

@ashishjv1 said:
Hey ! I’m stuck at this same place . I have been using the vv*wer via option without any luck.

If you find the answer let me know , maybe a push in the right direction

Hi, I am trying to do the impossible_password but when extracting the .zip file to a .bin when extracting the .bin it turns into .bin.cpgz opening that turns it back into a .bin.

I’m using MacOSX archiver utility and downloaded The Unarchiver with no luck. Any help is much appreciated

@3s073r1k said:
@ashishjv1 said:
Hey ! I’m stuck at this same place . I have been using the vv*wer via option without any luck.

If you find the answer let me know , maybe a push in the right direction

Hey ! I got root . I can say that you are in the right direction ! Just keep Going ! If you need more help PM me.
:slight_smile: :slight_smile:

And Thanks to @felli0t @Monkey23 for all the help !

Hey all, can someone PM me a hint for priv escalation PLEASE. I got on the box, extracted the secret, have an idea of which service to use it with but not sure how to use it. Been on this for 2 days now and its driving me crazy!

any hint to find the user name? i have that pwdbackup.txt , still working on to decode it.

got the service …but dont know how to use it …decoded the secret pasword .

Finally got root on this after a LOT of reading and perseverance. Great box. Happy with my first root on HTB!

@madbro said:
having an "event not found " while unzipping!! any idea?
using unzip -p password zipfile.zip syntax
please help

I had the same problem, solved it with a very rough solution of running python -m SimpleHTTPServer to pull it down and then push the extracted file back up, along with wget

I still haven’t been able to read the contents of the file inside ***.zip, I think that’s the last thing I need to get root on this box, so if anyone wants to give me a hint on that, that would be awesome.