That’s where it seems to fail - I can get to the point where it “looks like” they work (I am open to a login failure that I haven’t recognised though), but any attempts to issue exploration commands fails - with varying error’s, I’ve not been able to get any sense out of them yet.
So, at the very least, I can take away that I am probably on the “right path” - I just need to work out how to make it work, rather than spend months enumerating every readable file on the file system (I even toyed with the idea of creating a new webpage to see if that would do it).
I supposed this is half the fun and all the learning of HTB
The webpage idea is interesting. If you can’t access it direct because of the access you have, what else could you read? May need a bit of sysadmin knowledge around it. PM if you need a nudge.
I need help with privesc. I’ve already seen the privileges i have to run the script, i did it and the root script doesn’t exist. I tried to edit the commands but password for user r******d keeps prompting. I saw the use of the debugger but it doesn’t seem to work. What else can i do?
@Blastware said:
I need help with privesc. I’ve already seen the privileges i have to run the script, i did it and the root script doesn’t exist. I tried to edit the commands but password for user r******d keeps prompting. I saw the use of the debugger but it doesn’t seem to work. What else can i do?
Nvm, i got root, very interesting technique. I’ll definitely try it with new machines!
@TazWake said:
I feel I’ve spent several lifetimes doing that Other than the stuff which screams out DB creds (and appear to work against the DB), I can’t get it any further. I thought I was on to something with loads of what look liked config files but nothing yet.
Still, back to stringing together long commands
If the creds work, take a look inside.
I’m able to run queries, but can’t find anything in the DB. Am I on the wrong track?! took me hours to find the correct syntax at least I’ll remember how to do it
update: how is it possible you always get it right after posting ?
@icyDux said:
Got RCE working, found a few important files but i don’t know how to escalate to user. I will be glad if someone wants to discuss this box.
Rooted! Thanks to @Bear for helping with the last step of user.
Finding user was a nice journey, it took me quite a lot. Getting to root was pretty straightforward, no need for enumeration in my opinion.
Hints for user are all in the thread: enumerate with fairly large directory lists, you don’t need a shell, find all credentials, watch out for syntax.
On initial foothold, it has something to do with action. So google.
On getting the user, you will gain alot of information, but you will be limited in your capability. Some information is just right in front of you. You need to research on - if machine is going to fail, how do I backup and restore certain data.
On getting root, once you are in, you need to remember that HTB philosophy is not about brute forcing. You may want to check an Priv Esc check list to gain more information. Certain functions rely on some modules, if we can redirect those modules, damage can be huge…
I am at a loss. I have gotten RCE with e3.py and gotten the user and pass in tomcat-users, but I don’t know where to use this at, am I missing something minor? The pass wont work in /m
Ok, ■■■, this box was a hassle. It took me a while to get foothold, but its very easy to do, especially with some tips here.
The hardest part for me was priv esc, until I just sat there and looked at my enumerated data.
KEEP YOUR EYES OPEN. The priv esc to get root is right there in front of you.
Trying to get a foothold. I see what ‘actions’ i have to take just not sure how to take them. any exploits ive tried dont seem to be working. can anyone give me a nudge in the right direction?
could someone can help me with the commands used to connect to that service as I don’t even have a tty I don’t know how will i connect to it. The commands which i am using to list something always giving me an error invalid option
Edit: I am able to list databases but got nothing … any help?