Hint for Sunday

at last got root

Took me 3 hours to get user/password / another user/password; to get root took me 1 day. Lameeeee.

Thanks to everybody who made to

TRYHARDER lol

@Deku said:

I currently am working on this machine and thus honing my enumeration skills since this is no lazy Sunday, but is bruteforcing necessary? Can you point me to some good wordlists, so I can establish the initial foothold?

If you’re using Kali – there are wordlists in both /usr/share/wordlists and /usr/share/seclists, and there are targeted wordlists out there on the internet if you google on the type of thing (not just the service) you are trying to enumerate.

I won’t comment on the bruteforcing question to avoid spoilers but I will say that in my limited experience with HTB and offsec solid enumeration skills and picking decent lists of things for your tasks are foundational.

rooted !

Finally got the root flag but was unable to root. I got the root hash from the shadow file as well, but was unable to crack it after a day's worth of trying with rockyou and many other wordlists. Can anyone that cracked the hash PM me to let me know what worked for you?

To everyone still trying to get user/root, there is some good advice already throughout the thread. Definitely enumerate a LOT and find out what you can do with your current privileges. As said before, this box does not require overwriting anything in /etc/. I learned some new uses of a certain tool on this one. Good box!

Took me a few days to get the first user.
Took me another day for the second user
but after that took me an hour to root.

Hint for first user - think simple, this is what every box in HTB has.
Hint for second user - try to find something that the first user can read pertaining to the second user
Hint for root - after getting second user, try man a certain command for priv esc…

PM for more hints :slight_smile: Happy hacking.

Thanks for all the help given.

@LegendarySpork said:

If you’re using Kali – there are wordlists in both /usr/share/wordlists and /usr/share/seclists, and there are targeted wordlists out there on the internet if you google on the type of thing (not just the service) you are trying to enumerate.

Thanks for your answer, rooted the box a few days ago but was wondering if there were any specific wordlists. Didn’t mean box specific so my question was at the wrong place.

Hi guys, is anyone having connection issues with this machine on the EU VIP servers?

@S1kk1S said:
Hi guys, is anyone having connection issues with this machine on the EU VIP servers?

If you are referring to it lags like cows are going to come home, and sometimes finger/ssh no connection, yes, spot on.

rooted! pm if you need tips :slight_smile:

I own 2 users and the user.txt already.

I tried as hard as I was able to, but I am not able to find the next step.
Bruteforcing root with one of the services or something else?
What is /root/troll for?
How could wget help?
Did you use one of those^^ to get root.txt?

I’m lost and need a little push please. Just some gentle hints, no spoilers please

@dontoni said:
I own 2 users and the user.txt already.

I tried as hard as I was able to, but I am not able to find the next step.
Bruteforcing root with one of the services or something else?
What is /root/troll for?
How could wget help?
Did you use one of those^^ to get root.txt?

I’m lost and need a little push please. Just some gentle hints, no spoilers please

I’m in the same situation and I think second method is the way to go with this. I read the man page for it but couldn’t find what I was seeking for. Any help would be appreciated if I’m going down the wrong path.

Rooted! PM me if you need any tips.

Rooted! PM if you need any help.
This thread gives all the answers… thank you guys!

Finally rooted. Thanks for all the comments here, won’t add anything cuz all the hints are already here. My biggest problem with hints is that they make sense only after you got the solution… :persevere:
Anyway for advice ping me on the HTB channel on netsec focus mattermost channel.

Got it!!

For those who are having trouble with the final step:

Check what commands you have permission to run. Then check the man pages for those commands. Read the pages carefully. You know how sometimes things spit your command or input back at you and tell you it's wrong even though you know it's right? Well, what if you knew it was wrong?

Got the root ! PM if anyone needs help.

Done

Hello everyone,
I read through the forum but I cannot get user.txt. I use hashcat with every wordlist I can find. Nothing…
I even restarted the server to get the fresh hash. But it was the right one all along.
Could someone point me in the right direction?

I swear to a deity that someone had changed something in the interesting file - gits!! Rooted it within 5 mins after checking it again!!! >_<

Jeez - what kind of wordlist do you have to use to crack that password you get from that file? Have spent hours trying to crack it to no avail. Tips welcome!