Irked

@nawespet said:
Thanks @BoxingOctopus found it, service keeps going down on this machine. Can anyone give a hint on what to do with .b***** file… I’ve researched what it is and I know what it is refering to but can’t seem to figure out how to get password from it…

Everything is in front of you. Just relate and combine. Any more than this will be a spoiler :smile:

Got root (shell and file). I found the privesc method a few hours ago, but it took me a while to figure out how to use it. I just kept getting denied over and over again.

Good stuff. PM me if you need hints, though you won’t get a response tonight. I’m going to bed. :slight_smile:

Got root, thx help from @marine, @Ahm3dH3sham and @Xavierif!!

I just got root, but I think someone left a file there that helped me a lot. Haha. Anyway… don’t really know if it was there when I was enumerating before. If not, I want to learn how to do it properly. PM anyone?

Easy if you have a bit of experience. If you don’t, this will be a good box to work out the basic approach. User slaps you in the face and root is basic recon plus looking at your results carefully. If you don’t think you have the tools for recon or exfil, then go get them (it’s just a google and an apt-get away).

@Skunkfoot I meant the output of the system enumeration, that I didn’t read carefully. I was expecting something that will stick out with a crazy name. Instead, I was looking at that file like 3 times, and dismissed it like “nah, that’s not it, that’s probably some htb process”. Oh boy, how was I wrong.

Been stuck on privesc to root since yesterday. Anyone who wouldnt mind giving me a nudge to what to look for more specificly?

I wish the box creator didn’t log hackers actions. I rooted the box before getting user because the steps were logged in an obvious file… I always give a reset before i try a new box, but i guess someone was faster then me and spoiled the box. :angry:

i found my way in but i didnt find the way to open the user.txt from the dj. I check linenum since hours. a hint would be helpfull

Just owned the machine. User was pretty straightforward with a little ‘CTF challenge’. I found root to be a bit harder. After speaking to someone else about it, I found there was a much easier way than mine though.

For anyone still stuck: as someone said before ‘knock on all the doors’. When you can’t get to the user.txt, look closely at the files you’re presented.

any hints ? :confused:

Got Low Shell

Anyone asking for privesc hints this late in the thread simply isn’t trying at all nor are they reading any posts that have incredible hints in them.

At this point you have to ask yourself: why are you doing this if you refuse to even attempt to figure it out on your own?

hmm well the irc is working :slight_smile:

@Legohund said:
hmm well the irc is working :slight_smile:

Yep :slight_smile:

@nawaronin said:
@Skunkfoot I meant the output of the system enumeration, that I didn’t read carefully. I was expecting something that will stick out with a crazy name. Instead, I was looking at that file like 3 times, and dismissed it like “nah, that’s not it, that’s probably some htb process”. Oh boy, how was I wrong.

Ah yeah I did the exact same thing haha.

@Phrenesis2k said:
I always give a reset before i try a new box, but i guess someone was faster then me and spoiled the box. :angry:

This should be standard practice by everyone, if not an outright rule or something. I always reset a box when I finish it. (Although to be fair, on a free server with a new, easier box like this, there would be constant resets and people would be pissed).

@rbit said:
Just owned the machine. User was pretty straightforward with a little ‘CTF challenge’. I found root to be a bit harder. After speaking to someone else about it, I found there was a much easier way than mine though.

For anyone still stuck: as someone said before ‘knock on all the doors’. When you can’t get to the user.txt, look closely at the files you’re presented.

That knock statement threw me off for a bit. I started looking into port knocking and all sorts of crazy stuff. Obviously I was way overthinking things.

@Skunkfoot said:

That knock statement threw me off for a bit. I started looking into port knocking and all sorts of crazy stuff. Obviously I was way overthinking things.

Knock knock!

Got Root before getting user.txt
can someone tell me in PM how you decrypt this .ba**** file :open_mouth:

@rzouzou go back to the main webpage

Can you give me some hint for get user :frowning: