Hint for Waldo

Can anyone help me with PE? Already gotten M user and jailbreak from shell.

Why is Waldo so #$%^ SLOW?

Someone please help me break out of jail. Thanks!

Not able to find user.txt…can’t figure out payload instead of “/user.txt”

@thePr0fessor said:
Not able to find user.txt…can’t figure out payload instead of “/user.txt”

Maybe you are not the right user ?

Can anyone PM me with Waldo - Priv Esc ?

I have managed to escape the jail, done some enumeration in the interesting folders and files, stumped from there. I’m on Netsec Mattermost under the same handle.

EDIT: Rooted… I can offer help to anyone, was really overlooking this one!

Finally rooted, my hint to all is,

Initial foothold,
Find out what u can read and try to read some files that are related to the app, then try to figure out what is removed.

PE,
This is something that I have not done before but basically to check “capabilities”. Read up more at https://packetstorm.foofus.com/papers/attack/exploiting_capabilities_the_dark_side.pdf

Hope not too much of a spoiler as this is something not so common.

Really enjoyed this box and also thanks @nomad17 for the hint. :slight_smile:

Currently stuck in jail and would like to escape :smile: Any help appreciated.
Edit: nvm. Typical. After ages looking, I found Waldo 10 minutes after posting.

Definitely the most specific hint on this thread. Thx.

So have you rooted it, or just got the root.txt?

I’ve got the flag but I’d like to actually root it.

Can someone tell me how to log in to SSH?
It just gave me
Load key "key": invalid format
and
Permission denied (publickey).

I think it was Lincoln who said that if he had to chop down a tree in 8 hours he would spend the first six sharpening his axe. I should have listened. I finally got user when I went back and did proper reconnaissance after learning what the main vulnerability was. Thanks to all those who gave me hints.

What am I missing? Only have N*, and a box that I can’t see any way out of. I see the pub key for another user, but obviously that isn’t good enough for much.

Very nice machine. Once in, it was a little struggle to get further. After the right command it was just looking for the right tool.

Learned a lot.

Rooted, what a ride… PM if you need some hints. Learned so much from this box

Got root.txt after lots of hours. The privesc part was something new for me, what a hard learning class. As others, I love and hate this box at the same time, thanks to the makers.

Tip for the privesc: Don’t expect to find the exact solution in exploiting_capabilities_the_dark_side.pdf. Take it only as an introduction to capabilities. The solution is easier than that, think and search a bit on the box.

So has anyone actually got root (not just accessed the root.txt file)? If so, can you PM me to point to how you did it?

Got root! It pushes at the limit of your capabilities!
BUT I’ve learned a lot of excellent things!

Got root.txt rolf, what a nice box on the privesc, pushing me to learn new things, I’ve never seen it before :+1:

Anyone who wants some help, just ask!

Cheers!

I’ve just figured out that some days ago a specific enumeration tool was updated with new capabilities. Update your enumeration tools before using them for the privesc part :wink:

I think I’m jailed… I want to break free :), but no idea how to do it. Usual rshell bypass techniques didn’t work. Could someone please lend me a hand? PM please.