Curling

@Skunkfoot said:

Every machine is easy if you already know the method

This ^^^^^^^

I think there has to be a range of boxes here - some which are so easy that genuine CTF experts find them trivial to do and some which are challenging even for the elite.

Without the easy ones, new people can’t learn. While I don’t mean to say HTB has to be a learning ground for complete newbies, the reality is a “CTF” mindset isn’t something people are born with.

@Frey said:

Don’t get me wrong but the solution is not always a try_hard way, more like search2find way.

I think this is also very important. “Try Harder” is good enough for people with some knowledge and experience, but I find it is very discouraging for people new into the game.

@TazWake said:

@Skunkfoot said:

Every machine is easy if you already know the method

This ^^^^^^^

I think there has to be a range of boxes here - some which are so easy that genuine CTF experts find them trivial to do and some which are challenging even for the elite.

Without the easy ones, new people can’t learn. While I don’t mean to say HTB has to be a learning ground for complete newbies, the reality is a “CTF” mindset isn’t something people are born with.

@Frey said:

Don’t get me wrong but the solution is not always a try_hard way, more like search2find way.

I think this is also very important. “Try Harder” is good enough for people with some knowledge and experience, but I find it is very discouraging for people new into the game.

To be fair to @Frey, this box really is pretty simple in the end. And I understand why “Try Harder” can be discouraging, but people get into a habit of asking for help for one thing, and then following it up immediately when they get stuck on the next step. I get SO many PMs like this. I don’t mind helping people, but I’m not here to walk you through this step by step either, ya know?

So yeah, when people say “Try Harder”, they usually mean something along the lines of “continue doing research and trying to learn new things. Maybe one of the things you try will work” :slight_smile:

I need help with that pa******_*****p file
can someone pm me?

five minutes from first blood on user and root shakes fist

@Skunkfoot said:
Really cool box, really interesting way to grab the flag. Is it possible to get a full root shell? Did I grab the flag the wrong way?

It is possible to get a full root shell.

got root.txt … but what happened ?

A very easy box, but also a very fun one! It was a nice change of pace from banging my head against the wall for hours like what tends to happen on the hard boxes.

Also, yes, it’s possible to get a root shell.

Can someone explain to me how they got root shell? I only got root.txt.
Edit: Got an explanation. I’m dumb.

Utterly confused by priv esc. I’m pretty sure I know what I’m looking at now but I don’t know how to leverage what I’ve figured out. I don’t know how to explain where I’m out without spoiling so I’m not even that sure how to ask for a hint.

All done. Deceptively simple, always the challenge when you jump back to easier ones you’re looking for the hard way.

I’d be interested in hearing how folks got a root shell. I was able to read root.txt, but haven’t had any luck with the shell

figure out how the mechanism you’re using to read the root.txt file works and you’ll probably be able to imagine ways to get a root shell.

@TazWake said:

@Skunkfoot said:

Every machine is easy if you already know the method

This ^^^^^^^

I think there has to be a range of boxes here - some which are so easy that genuine CTF experts find them trivial to do and some which are challenging even for the elite.

Without the easy ones, new people can’t learn. While I don’t mean to say HTB has to be a learning ground for complete newbies, the reality is a “CTF” mindset isn’t something people are born with.

@Frey said:

Don’t get me wrong but the solution is not always a try_hard way, more like search2find way.

I think this is also very important. “Try Harder” is good enough for people with some knowledge and experience, but I find it is very discouraging for people new into the game.

Exactly this. I’m here to learn before taking my OSCP course in the new year. The machines I’ve already done are very easy retrospectively. Learning how to get there though… there is a lot of ground to cover.

@galoryber said:
Exactly this. I’m here to learn before taking my OSCP course in the new year. The machines I’ve already done are very easy retrospectively. Learning how to get there though… there is a lot of ground to cover.

You guys aren’t wrong by any stretch of the imagination. I can see why this box would be difficult for someone just starting out. I can’t speak for Frey, but, personally, I’m having a very difficult time trying to come up with hints that wouldn’t just be outright spoilers.

But that may very well be the disconnect between those with less experience and those with more experience; to me it seems like any hint I provide would be a spoiler, but if the person I’m providing that hint to isn’t already in my headspace… It might not even be useful to them. But it could also be spoonfeeding a third party reading the hint who’s in between us as far as skill/experience goes. So it’s a very difficult issue to navigate.

I think this is also why you see so many people just saying the same, tired ■■■■ over and over on this forum. “Enumerate more”, “try harder”, etc.

TL/DR: I don’t think anyone is trying to be intentionally unhelpful.

Hint for stage one: Enumerate. Examine everything (including page sources) and look for common file extensions. Everything you need to log in is literally right there in front of you. Once you’ve logged in, you may need to research a bit before you figure out how to execute commands on the system, but it is very, very simple.

Hint for stage two (user): Again, it’s in your face. No tricks. If the first few bytes of the file look familiar, that’s because they are. If they aren’t, Google them. Either way, figure out how to transform the data into something else, and then repeat. Eventually you’ll end up with a plaintext something-or-other that you’ll (hopefully) know what to do with.

Hint for stage three (root): There’s something going on close by. You don’t need to venture very far. Figure out what’s going on and leverage it. Be patient. Examine the environment.
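The identify-and-repeat loop that the stage-two hint above describes, as an added example that is not part of the original posts: it recognises a container by its leading magic bytes, unwraps one layer and repeats until nothing matches. The formats handled (gzip, bzip2, xz, tar) and the sample built in `build_sample()` are assumptions made for illustration, not details of the box.

```python
import bz2, gzip, io, lzma, tarfile

def untar_first(data):
    """Return the contents of the first regular file in a tar archive."""
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        for member in tar:
            if member.isfile():
                return tar.extractfile(member).read()
    raise ValueError("tar archive holds no regular file")

# Magic prefixes at offset 0 (the format list is an assumption for this example).
SIGNATURES = [
    (b"\x1f\x8b", "gzip", gzip.decompress),
    (b"BZh", "bzip2", bz2.decompress),
    (b"\xfd7zXZ\x00", "xz", lzma.decompress),
]

def identify(data):
    """Map the leading bytes to (format name, decoder), or None if unknown."""
    for magic, name, decoder in SIGNATURES:
        if data.startswith(magic):
            return name, decoder
    if data[257:262] == b"ustar":  # tar keeps its magic at offset 257
        return "tar", untar_first
    return None

def peel(data, max_layers=16):
    """Unwrap nested layers; the cap stops endlessly nested input."""
    layers = []
    while (hit := identify(data)) is not None:
        if len(layers) == max_layers:
            raise ValueError("too many nested layers")
        name, decoder = hit
        data = decoder(data)
        layers.append(name)
    return layers, data

def build_sample():
    """Constructed sample: a text note wrapped as tar, then bzip2, then gzip."""
    note = b"constructed sample text\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("note.txt")
        info.size = len(note)
        tar.addfile(info, io.BytesIO(note))
    return gzip.compress(bz2.compress(buf.getvalue()))

if __name__ == "__main__":
    print(peel(build_sample()))
```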

Rooted. I think it might have been a fluke how I figured out what was going on close by. Just happened to run a command at the right time to see it. Rather be lucky than good, I suppose.

Hey guys! I’m really glad that most of you like the box! As most of you already said, this box is aimed at people who are new to HTB. Yes it can be boring for advanced players who hoped to learn something new, but I think this box is a good stepping stone up from the box “Jerry”. All hints provided in this thread should be enough to root the machine, so I will not give any more. Go back to basics and look in front of you!

As for the question if it is possible to get a root shell. Yes it is!

@L4mpje said:
Hey guys! I’m really glad that most of you like the box! As most of you already said, this box is aimed at people who are new to HTB. Yes it can be boring for advanced players who hoped to learn something new, but I think this box is a good stepping stone up from the box “Jerry”. All hints provided in this thread should be enough to root the machine, so I will not give any more. Go back to basics and look in front of you!

As for the question if it is possible to get a root shell. Yes it is!

Is root shell the intended way? Because that’s how I did it and reading the thread getting the impression there’s meant to be a more “obvious” way - but to me the shell was super obvious and I can’t see this other way :frowning:

@blobbo said:

@L4mpje said:
Hey guys! I’m really glad that most of you like the box! As most of you already said, this box is aimed at people who are new to HTB. Yes it can be boring for advanced players who hoped to learn something new, but I think this box is a good stepping stone up from the box “Jerry”. All hints provided in this thread should be enough to root the machine, so I will not give any more. Go back to basics and look in front of you!

As for the question if it is possible to get a root shell. Yes it is!

Is root shell the intended way? Because that’s how I did it and reading the thread getting the impression there’s meant to be a more “obvious” way - but to me the shell was super obvious and I can’t see this other way :frowning:

Anything that works is intended, both are really obvious. But I can imagine that new players might have trouble with seeing all the possibilities you have in this scenario.

@L4mpje said:

@blobbo said:

@L4mpje said:
Hey guys! I’m really glad that most of you like the box! As most of you already said, this box is aimed at people who are new to HTB. Yes it can be boring for advanced players who hoped to learn something new, but I think this box is a good stepping stone up from the box “Jerry”. All hints provided in this thread should be enough to root the machine, so I will not give any more. Go back to basics and look in front of you!

As for the question if it is possible to get a root shell. Yes it is!

Is root shell the intended way? Because that’s how I did it and reading the thread getting the impression there’s meant to be a more “obvious” way - but to me the shell was super obvious and I can’t see this other way :frowning:

Anything that works is intended, both are really obvious. But I can imagine that new players might have trouble with seeing all the possibilities you have in this scenario.

Ah just poked around more and saw the other way!

edit: Got user, thanks for any hints! :slight_smile:

Root was way easier than user, imo.