Hint for Sunday

@JOk3Rxvi said:
Spoiler Removed - Arrexel

Sorry about the spoiler… won't happen again.

Could someone PM me about even getting a shell? I really have no idea. Help me.

@touhid - would you like to stop fucking machines? I saw your content in passwd like 3 times today (Spoiler Removed - Arrexel). it was already said 50 times that the machine does not need to be crashed before root.

now stop, please. again. when you’re logged in during 2 minutes after reset,
what is the point to play for other users if passwords are changed?

thanks for your time.

@lilne said:
@touhid - would you like to stop fucking machines? I saw your content in passwd like 3 times today (Imgur: The magic of the Internet). it was already said 50 times that the machine does not need to be crashed before root.

now stop, please. again. when you’re logged in during 2 minutes after reset,
what is the point to play for other users if passwords are changed?

thanks for your time.

Touhid / Agent22 is actually the same dude, who made the machine, and he has a blog. You should check it out. It will reveal why you are seeing the symptoms you are. However, you are totally correct, the machine does not have to be crashed to obtain root. But it is really easy to make a mistake with a certain switch. I know I did once and burned a reset to correct it.

Hi guys, is it normal that I could f**nger a user before, and when I tried to repeat the command it says Connection timed out?

1 - Nmap can help you to get a lot of information, not just about open ports; get the services running and search for NSE scripts
2 - The user password is the “default password” for CTF applications (all the time it was in your face)
3 - When you get access (login/password), just look at common folders and files
4 - Crack crack crack crack

Sorry about my English, it is not my first language

4 hours to get user on this one, 1 more hour for priv esc. To mirror what everyone else said, it is possible to get root without breaking anything. No exploits or anything. However, I’m not sure if I did it the “right” way. Wonder if someone can PM me about how they rooted it. I have some ideas about other ways to root it already but I’m curious about how others did it.

@webboy2018 said:
Got root finally! It was something new and different. Good enumeration, preferably using Zen Map, some guesswork, local enumeration starting with /, some cracking and no exploits needed. More than the MAN page for the last part, you might find another article / tutorial which explains it better. At least for someone like me who never rooted a Solaris box before :)

Totally agree with your comment! Got root also!
Zen Map saved my time.
Thanks everyone for your comments. It’s really possible to do everything using info from this forum :)

Rooted. I concur that you need to have a decent wordlist for initial enumeration. The ones on Kali weren’t optimal or actually DOS’ed me when I tried to use them, so I grabbed one that was more targeted to what I wanted to enumerate. I wrote my own enumeration script for the first part. Moral of the story – don’t just throw a gigantic wordlist at things, think about what you’re doing.

Anyway I think this was a refreshing switch-up and I learned a couple of things. I also can tell I’m getting smarter and faster at this business. Thanks! Anyone wants a nudge, PM me.

@LegendarySpork said:
Moral of the story – don’t just throw a gigantic wordlist at things, think about what you’re doing.

I currently am working on this machine and thus honing my enumeration skills since this is no lazy Sunday, but is bruteforcing necessary? Can you point me to some good wordlists, so I can establish the initial foothold?

At last got root.

It took me 3 hours to get user/password and another user/password; getting root took me 1 day, lameeeee

thanks to everybody who made to

TRYHARDER lol

@Deku said:

I currently am working on this machine and thus honing my enumeration skills since this is no lazy Sunday, but is bruteforcing necessary? Can you point me to some good wordlists, so I can establish the initial foothold?

If you’re using Kali – there are wordlists in both /usr/share/wordlists and /usr/share/seclists, and there are targeted wordlists out there on the internet if you google on the type of thing (not just the service) you are trying to enumerate.

I won’t comment on the bruteforcing question to avoid spoilers but I will say that in my limited experience with HTB and offsec solid enumeration skills and picking decent lists of things for your tasks are foundational.

rooted !

Finally got the root flag but was unable to root. I got the root hash from the shadow file as well, but was unable to crack it after a day’s worth of trying with rockyou and many other wordlists. Can anyone that cracked the hash PM me to let me know what worked for you?

To everyone still trying to get user/root, there is some good advice already throughout the thread. Definitely enumerate a LOT and find out what you can do with your current privileges. As said before, this box does not require overwriting anything in /etc/. I learned some new uses of a certain tool on this one. Good box!

Took me a few days to get the first user.
Took me another day for the second user,
but after that it took me an hour to root.

Hint for first user - think simple, this is what every box in HTB has.
Hint for second user - try to find something that the first user can read pertaining to the second user
Hint for root - after getting second user, try man a certain command for priv esc…

PM for more hints :) Happy hacking.

Thanks for all the help given.

@LegendarySpork said:

If you’re using Kali – there are wordlists in both /usr/share/wordlists and /usr/share/seclists, and there are targeted wordlists out there on the internet if you google on the type of thing (not just the service) you are trying to enumerate.

Thanks for your answer, rooted the box a few days ago but was wondering if there were any specific wordlists. Didn’t mean box specific, so my question was in the wrong place.

Hi guys, is anyone having connection issues with this machine on the EU VIP servers?

@S1kk1S said:
Hi guys, is anyone having connection issues with this machine on the EU VIP servers?

If you are referring to it lags like cows are going to come home, and sometimes finger/ssh no connection, yes, spot on.

Rooted! PM if you need tips :)

I own 2 users and the user.txt already.

I tried as hard as I was able to, but I am not able to find the next step.
Bruteforcing root with one of the services or something else?
What is /root/troll for?
How could wget help?
Did you use one of those^^ to get root.txt?

I’m lost and need a little push please. Just some gentle hints, no spoilers please