Hint for TartarSauce!


Comments

  • That machine taught me a lot.
    Specially getting a root shell... Awesome.

    fasetto

  • Getting shell was not too realistic, changing some info to confuse scanners is something clever but strange. Getting root was fun, had a chance to practise python skills.
  • can someone pm me for initial steps ?

  • edited September 2018

    Can someone PM for final priv esc, so close yet so far

    nvm root

  • Very nice machine. Root was very interesting. Thanks to @wirepigeon for hint

  • Any hints on initial foot hold for user.txt

    I found two web-services the first MONSTER doesn't let me do anything the other one which has WORDS that are PRESSED onto the screen has some funky redirecting going on but I can't login to that service.... am I missing something?

  • why the hell is integrity check not working for me? I manually changed a file in web dir to create a difference but when I run that binary, no comparison is found :(
    Difference was detected only once in like 1000 tries and this just doesn't make any sense. I kept repeating same process, files are different but still it isn't detecting :/
    What am I doing wrong here?

  • nvm got the root flag without shell
    This machine reminds me exactly of an OSCP exam machine. Just keep enumerating till end. I am happy that I didn't stop enumeration during exam.
    Priv esc is so much mind f***

  • Would be grateful if anyone could DM me with a hint on how to proceed (even reference to reading material). I have identified the 2 apps and I am currently enumerating the not too obvious one. But seems I am not heading anywhere

  • > @smit2300 said:
    > Rooted! Wow that was a tough priv esc but so cleverly put together! Mad props to the makers even if @3mrgnc3 is an absolute troll lol. PM me if anyone needs a hint at any stage of the box.

    👹👻
  • 1 week out from OSCP retest & would love some privesc pointers, not spoilers
    Got O* shell; might understand retartar (grp) but can't find diff/script talked. found 3 diff files but at a loss...

    Hack The Box
    OSCP, GWAPT, GCIH, CISSP, Sec+ ||||| Starting Mar 20: AWAE
    parityinfosec.com

  • Hey guys please PM me I need help on this box I've been trying to get user for like 2 weeks now

  • > @imag1ne said:
    > 1 week out from OSCP retest & would love some privesc pointers, not spoilers
    > Got O* shell; might understand retartar (grp) but can't find diff/script talked. found 3 diff files but at a loss...

    do enumeration steps as taught in oscp...
    try not to follow advice in the forums. There are many many wrong suggestions in here.

    Do your own enum and you will find it.

    Good luck ;)

  • lol, I know right? I actually found a script via enumeration but didn't realize it, just not sure what to do with it.
    My first guess was a local service I enum'd, (very OSCP) but couldn't figure out the password to access.

    Hack The Box
    OSCP, GWAPT, GCIH, CISSP, Sec+ ||||| Starting Mar 20: AWAE
    parityinfosec.com

  • Completely lost... I've done an extensive amount of enumeration and still can't find the initial foothold. Any help via pm would be greatly appreciated.

  • edited September 2018

    Would anyone please PM me about privesc process? I've found the script, but can't write to it. I tried linking the root file in order to break the certain process. I've tried a metric sh1t-ton of stuff and none of it has worked. Any assistance would be appreciated.

    EDIT: This box privesc is all about timing. Finally got it.

  • Troll machine... :)

  • @3mrgnc3 I love the image that you have created :)

    MrR3boot
    Learn | Hack | Have Fun

  • Curse the day I decided "looks pretty doable". I'm in the same boat as @Rayvenhawk and could use some help. Might not survive the night if I can't get a hint that's not trolling me.

    Trolls everywhere, send backup. Over.

    Hack The Box

  • @3mrgnc3 that trick with w****n fooling almost made me cry.
    anyway, pwned it.
    i'm tar-tar now 8-|

  • Can anyone help me enumerate? I am stuck. Found one web service. I can't even find second.

  • > @dreamhacker said:
    > Can anyone help me enumerate? I am stuck. Found one web service. I can't even find second.

    Use gobuster or anything other than dirbuster and make sure it runs SLOWLY... I had nothing but false negatives when I tried to use more than 10 threads and no luck using dirbuster no matter what I tried.

    This box is a giant troll, will give false negatives and false positives everywhere.

    blobbo

  • > @blobbo said:
    > @dreamhacker said:
    > Can anyone help me enumerate? I am stuck. Found one web service. I can't even find second.
    >
    > Use gobuster or anything other than dirbuster and make sure it runs SLOWLY... I had nothing but false negatives when I tried to use more than 10 threads and no luck using dirbuster no matter what I tried.
    >
    > This box is a giant troll, will give false negatives and false positives everywhere.

    he
    Hi, my first post. :) .
    The box is a good one, clever af.
    I thought my enum skills were on point till this box. If this box were a briar patch, one of the holes has actually gotta have a rabbit right?

    I'm sitting here, with a thoroughly burned down Briar Patch. A good square a dirt with a shitload of holes in it. And a good amount of time blow and smoke down most of them, I'm at a point now where I kind of have indigestion, but I can't seem to get this burp to work.

    After a long day struggling with configuring, I'm wondering if a big healthy belch is really the key to relieving this indigestion? Am I wasting time trying to configure a setup I could be struggling with on another box that it's actually necessary?
    I'm pulling my hair out at the gurgling in my chest from this one, "X***Pc.p*p" it says.
    the "" is both a code and how heartburn Sounds, am I on the right track?

    I don't know w(t)p is going on with the broken login and the scary thing under the bed seems useless. I'm lost..

    If this double posts I'm sorry, I tried a minute ago and looks like it's on my profile, not the board.
  • edited October 2018

    Edited from stuck earlier to now stuck at privsec to root. If anyone wants to discuss solutions or just give me a nudge I'm open to that. I think I know what the vulnerability is.

  • I'm in the same position as many others...got admin access to one web platform where I can't find a way to get a rev shell back. Also found the login for another platform which has some strange redirects in place - can't seem to crack the login there. Hints via PM would be appreciated :) thanks!

    Disloquer

  • > @MrR3boot said:
    > @3mrgnc3 I love the image that you have created :)

    Thanks 😜
  • > @14dev said:
    > @3mrgnc3 that trick with w****n fooling almost made me cry.
    > anyway, pwned it.
    > i'm tar-tar now 8-|

    Glad you had fun 😉
  • > @3mrgnc3 said:
    > @st4rry said:
    > I think it's a useful exploit but still a bit confusing :astonished: https://www.exploit-db.com/exploits/44502/ may I have a little bit nudge for getting shell?
    >
    > This is not a spoiler!

    But this is a little lol. Great machine!! It's the first one I've tried, and already I've learned a bunch.
  • I am a bit traumatized from this box, not gonna lie. What a ride.

    nscur0

  • Not much of a debugger, any help on the escalation from user.txt.

    I have the script, but really don't know what I'm looking for...