Mischief

@virtualclown said:
What other information can you get from your initial walk? There is something that you might not think of. It’s not yet used very commonly - but it will present the path you need to follow!

Got stuck on a YouTube page listening to Otis Redding :smiley:

@xsmile said:

@hookech0 said:
What other information can you get from your initial walk? There is something that you might not think of. It’s not yet used very commonly - but it will present the path you need to follow!

Got stuck on a YouTube page listening to Otis Redding :smiley:

Lol! Yep, I’ve been there :rage:

Yeah, stuck. Tried to stego without any luck on the image… So I must be missing something stupid

What a fun, rewarding, multilayered machine to pwn. There were multiple roadblocks and multiple a-ha moments and “why didn’t I already try that?” This required a little bit of enumeration that is usually not necessary to find the entry point. I learned a few new things and was reminded to not always ignore the obscure when you get stuck.

Rooted. Really fun box! Great job @trickster0

@melka said:

@artikrh said:

@p3tj3v said:
That was a fun box… learned quite a few things…
Not sure if I rooted it correctly… but did find the flag :slight_smile:
thank you @trickster0

There was a previous box which had the exact same technique to get root. Ippsec made a nice and informative video about that, I suggest you take a look.

And another one still active with almost the same technique (well, same principle, different program) :slight_smile:

this has been fixed by a patch. Check Login :: Hack The Box :: Penetration Testing Labs

@mpgn said:

@melka said:

@artikrh said:

@p3tj3v said:
That was a fun box… learned quite a few things…
Not sure if I rooted it correctly… but did find the flag :slight_smile:
thank you @trickster0

There was a previous box which had the exact same technique to get root. Ippsec made a nice and informative video about that, I suggest you take a look.

And another one still active with almost the same technique (well, same principle, different program) :slight_smile:

this has been fixed by a patch. Check Login :: Hack The Box :: Penetration Testing Labs

Do you know what the unintended ways were? I would love to know if you wanna PM me them - I only noticed one vector.

Now the user holding the user.txt file isn’t a member of the groups lxd and libvirtd anymore. Another way to read the flag is required.

Anyone find the intended way? I have access and got user, but stuck on root.

I’m in the same boat @Magavolt. It kinda sucks that many were able to get an easy 50 pts for this, but nobody even seems to know what the intended method was. It makes the box lose a lot when it comes to enjoyability. I’ll keep at it until I get it the correct way though.

Found the two creds, the higher UDP port, and the service bound on localhost (so unable to contact…).
Any hint at this point?

Do I need to brute force the login or do I have to just find the location where these credentials are?

Has anyone solved the root privilege escalation after it has been patched?

Can anyone spare a hint on the second login? Nothing I’ve tried seems to be working. Also found another page, but it doesn’t give any output with anything I do to it.

@cdf123 said:
Can anyone spare a hint on the second login? Nothing I’ve tried seems to be working. Also found another page, but it doesn’t give any output with anything I do to it.

If nothing works, go back to basics and try a common username :wink:

HINT: Once you learn how to login, you start to assume some things. These assumptions will have you at a roadblock when you shouldn’t be. There is mischief going on, remember? Things won’t always be the way you think even if they once were. I hope this helps without spoiling.

I’m still working on priv esc, but I’m sure the same rules apply, lol.

@blackhood said:
HINT: Once you learn how to login, you start to assume some things. These assumptions will have you at a roadblock when you shouldn’t be. There is mischief going on, remember? Things won’t always be the way you think even if they once were. I hope this helps without spoiling.

I’m still working on priv esc, but I’m sure the same rules apply, lol.

Got the root. It is really a mischievous god/machine

Holy effing smokes batman!!! This ■■■■ box is one long F*xx around. ■■■ this was stupid and horrible and really fuxx up. I loved every freaking second of it! This box was epic!! Thanks @trickster0 !! That name definitely fits. You’re a ■■■■, but I owe you a drink for this one. I hope a respect will do. Well done my friend!!

Someone mentioned ippsec’s video walkthrough of one box that is similar to this. Can anyone give me a link where this video resides?

@Higgsx said:
Someone mentioned ippsec’s video walkthrough of one box that is similar to this. Can anyone give me a link where this video resides?

That was an unintended method and has been patched.