Poison

Ive just rooted this box after like 3 days of trying and i have to agree with everyone that says that everything is here in the posts i got there in the end

I am on priv esc. I figured out the service running on the first date but now when i tried to enumerate the box, the service is no longer running. can anybody help me with this. Is the service running occassionaly?

Got the service running and tried to connect to it. Wasn’t prompted for a password and screen is grey. What do?!

i’m not able to unzip a secret.zip file even i entered a right password today. yesterday it works fine but today it is not working. i pull it on my system i got only one file “secret” when i extracted with correct password. any thing goes wrong?

@jupitarsat said:
i’m not able to unzip a secret.zip file even i entered a right password today. yesterday it works fine but today it is not working. i pull it on my system i got only one file “secret” when i extracted with correct password. any thing goes wrong?

You are on the right track. You got what you needed from the zip. Enumerate running services and figure out how to use it.

@ompamo said:

@binzahur said:
any way to determine file type of un compressed file? Any hint pls.

Use the ‘file’ command, but I’m afraid it won’t help in that case.

@binzahur said:
any way to determine file type of un compressed file? Any hint pls.

char%20det

I owned the user already (so I’m trying to own the root), but for some reason I am no longer able to access the URL “http://10.10.10.84”, or any other IP address for active machines. According to Login :: Hack The Box :: Penetration Testing Labs, my connection is working, and I was able to access it originally when I initially owned the user, so I don’t know why I wouldn’t be able to access it anymore. At first when I started having this issue, it would load sometimes (but rarely), but for the past day it hasn’t been working at all.

Also, at first, I was able to ssh into the system and get the text to own the user, but now I’m not able to do that either. When I type in the command, it either doesn’t do anything (and after a few minutes I keyboard interrupt it), or it prompts me to connect to “Charix@poison” (usually at least a minute after I started the command), but when I put in the password, it re-prompts me for a password, even though the same password worked the first time. After the second or third attempt, I usually get a “permission denied” or “connection closed by 10.10.10.84” error.

Every time I ping an active machine, I get 100% packet loss, which I didn’t get before when I initially owned the user.

I have re-generated my VPN keys several times, and the issue persisted.

Am I doing something wrong? This is the first thing I’ve done on this website, so I’m not overly familiar with everything yet, but I just can’t imagine why it would work the first time but isn’t working again…

Hoping someone can give me a nudge in the right direction. I’ve got the secret file and set up something you can see the light at the end of, but I’m confused on how to connect as the right user. The way I’m trying it right now, I get in as the user with normal permissions. I’m not sure if I have the syntax correct, so hoping someone can push me in direction I need to go.

got root finally. Hate this box…

Got root ■■■ this box taught me a lot especially to not overthink things, keep it simple guys and read all the good threads and its hints they are very helpuful. Read the man pages of the tools once you identify the services running on the box. Spoiler Removed - Arrexel

Think about where to use the zip file and how, that’s it.

Got root, feel free to DM for hints.

nvm

@mcruz thanks for the articles, got root

rooted. PM me for hints.

One of the kinda confusing boxes, definitely rabbit holes all around,

PM for subtle hints / explanations

Very interesting and fun box, way easier than it seemed. A little hint for anyone who is still looking for the root flag: once in take a very close look at every running process owned by root and every parameter they use, one will catch your attention because of its nature. If you’re not familiar with this particular process look it up on Google and read its documentation, one particular parameter will answer the question “what the heck is this ‘secret’ file for???”.

Good luck!

Hi
I am still unable to unzip the secret file. Grr. I will keep trying :slight_smile:

GOT IT FINALLY!
GAH this box can really drive you insane if you don’t know what you are doing.
Asked for a couple hints but they didn’t really help because all the hints you need are in this forum, and I already knew what I needed to do from the start.
The hints were really just to verify my sanity. lol
With the articles posted here, you know you are doing the right thing, it boils down to putting the commands together in the right places. I actually used putty to help make sure I was doing it right. and once i googled for the 20th time, i finally executed everything correctly.
I think I spent 4 days doing the right command, just with one major flaw.

Even though i hate everything about the machine, great job, it is a great way to understand security flaws in remote management.