Hint for TartarSauce!

1457910

Comments

  • Been spinning my wheels on this one for a while. I have found a couple of services, enumerated them like crazy with tools and manually, have a couple usernames and a pw, but can't find anything still. Can anyone DM a hint for getting initial foothold?

  • edited July 2018

    Just rooted !

    The priv esc is really nice ! Very nice box :)

    I'm curious about the root shell, I get the flag but without shell. If someone want to PM about the root shell it would be nice :)

  • got user shell. But stuck on getting root shell. Saw differences but I can't even get an idea what's happening. Any little hint would be appreciated. I even couldn't get root.txt without root shell.

    Higgsx
    OSCP | GCIH

  • Someone I can PM for Root privesc ? i have found the logic error in the script but still not able to get the root.txt file

    xMagass

  • @xMagass said:
    Someone I can PM for Root privesc ? i have found the logic error in the script but still not able to get the root.txt file

    PM'd

    drtychai

  • Hi , I have got root.txt on tartar but not a shell, is there someone to discuss in Pm about how to get a proper root shell ?

    xMagass

  • edited July 2018

    I will need a while before eating this sauce again. I am stuck at priv-esc since a few days now, I have the script, I also understand why this concept of differentiating things is not ok. But ... how can that bring me to root? PM or MM welcome
    EDITED: Thanks @xMagass for the hints, it allowed me to come out of my panic about tartar sauce :+1:

    renorains
    ~|OSCP|~

  • Can someone DM me a hint or something?
    I have been stuck for 2 weeks.
    I found the webapplications that I think I am supposed to find.
    I have scanned them using different tools and made a proxy to get one of the webapplications working correctly.
    But how the hell do I login to the second webapp?

  • Finally got root flag, man what a painful box....

  • edited July 2018

    Hi I think I found all thing but i couldn't get shell..Please Help...PM for hint

  • Rooted it :D

  • edited August 2018

    Can I PM somebody for a few questions?
    EDIT: Never mind

  • Sames as others. Got root flag but not root shell. Any nudge on getting shell?

    jadepycl

  • > @xtech said:
    > Just rooted!! and i can only say one thing: the creator of this machine is sooo EVIL

    Ohh yes... 😁
  • Onuma and @3mrgnc3 are evil.... pure evil
    Maker, collaborate with @trickster0 please. I'm pretty sure you can create a sexy box for HTB/Vulnhub

    pzylence
    OSCP

  • edited August 2018
    @pzylence Already been working on the next one. Its just going through testing right now, but should be ready to submit in a couple of weeks after i get time to write the walkthrough for the HTB mods.

    Also, if you enjoyed my work, check out the boxes I've already put up on Vunhub.

    C0m80, d0not5top & 64base.
    ;)
  • edited August 2018

    I personally hate tartar and donotstop... I am still struggling at root over tartar. donotstop was equal fun @3mrgnc3 :trollface: :scream:

    pzylence
    OSCP

  • I like this really interesting box and was able to obtain the flags. However I couldn't get a root shell. Probably because I'm concentrating too much on the delicious sauce. Is it possible to gain a root shell with the sauce or do I need a different approach?
    PM is welcome.

  • I'm working on root and a bit tripped up at the differences if anyone wants to bounce some ideas off each other.

  • i got the loging in fristry so that is defenetly rabbit whole i start to enumrate more and got some thing that some thing i enumrate it with some thing else there are some vurnibilities but i have not worked out how to exploit it mm..

    that being said becare full this machine has too many rabbit holes..

    Arrexel

  • @3mrgnc3 said:

    @w31rd0 said:

    @3mrgnc3 said:
    Remember

    The box is intended to be a TryHarder style lesson in the following...
    - 1. Do full enum process of everything first.
    - 2. Don't dive right into the first thing you see.
    - 3. Check for false positives and false negatives.
    - 4. in real world pentesting (the whole point of practicing in htb?) not everything thing is usefull.
    - 5. Don't be a re'tar``tar.... :astonished:

    after every post of yours, where retartar is mentioned, i feel even worse for myself, wasting time on rabbit holes. at least i got user.
    still no root though

    maybe re, tar, tar isn't an insult....
    ...maybe...

    ...just maybe..
    ..it's..

    ..shhhhh.
    

    (whispers) .... a clue.?

    lol you just giving out too much clue :) haha

    i am stack on using some thing to read some thing and get a flag mybe tar, some thing else lol

    Arrexel

  • @0d1n said:
    Finally got it!!!! Once the tunnel vision cleared I was good to go. Thanks for a great machine!

    is because you only have one eye.

    izzie

  • Rooted! Wow that was a tough priv esc but so cleverly put together! Mad props to the makers even if @3mrgnc3 is an absolute troll lol. PM me if anyone needs a hint at any stage of the box.

  • edited August 2018

    ...

  • > @smit2300 said:
    > Rooted! Wow that was a tough priv esc but so cleverly put together! Mad props to the makers even if @3mrgnc3 is an absolute troll lol. PM me if anyone needs a hint at any stage of the box.

    👹👻
  • $ file 
    ȜӎŗgͷͼȜ_5h377: ASCII text, with very long lines
    

    What is it tho? gzip -c for root shell? :disappointed:

    izzie

  • Hi, i feel completely stupid, i've been stuck for a week trying to get inside this box.
    I've enumerated all the directories listed in robots.txt and found an app that seems like a dead end even though i can access as an admin.
    I've found other application with a login page that seems to be broken but can be easily fixed; found the username through it's api and tried every password that has come into my mind without luck, tried brute forcing it but every attempt takes forever and it has some kind of anti brute force system, i've even tried using system.multicall...
    I'm going crazy, can anyone give me a hand?

  • @Relwarc17 said:
    Hi, i feel completely stupid, i've been stuck for a week trying to get inside this box.
    I've enumerated all the directories listed in robots.txt and found an app that seems like a dead end even though i can access as an admin.
    I've found other application with a login page that seems to be broken but can be easily fixed; found the username through it's api and tried every password that has come into my mind without luck, tried brute forcing it but every attempt takes forever and it has some kind of anti brute force system, i've even tried using system.multicall...
    I'm going crazy, can anyone give me a hand?

    Yup, I'm in exactly the same spot here.
    Given how many have solved its got to be something fairly obvious. Keep coming back to 're','tar','tar' as the hint but what I've tried hasn't worked so far.

  • @Relwarc17 @bobthebuilder As somebody said in this discussion earlier: Maybe you don't need the password for the other app. When this app is vulnerable what are typical attack vectors? How could you enumerate those despite the app is broken? There are several ways how you spot the interesting thing - focus on the interfaces that are not broken, use the tool that brought you here again, ...

  • can one PM me a hint about how to read root flag I have user.txt

Sign In to comment.