Curling

Would very much appreciate any hints towards getting the root flag! I have foudn the files of interest and know the command i need to use, and have scoured the man page, and i think i know which option to use for it. but not getting anywhere. anyone able to PM me some pointers I would be very grateful :slight_smile:

Love the box. for a newbe its was fun and opened my eyes on new things. Getting in was peace of cake same goes for owning the user. after hours of struggling with trying to get root, I managed to get root.txt.

I’m still wondering how to get root as shell. I would appreciate if someone would PM me.

Can someone help me with getting root.txt? I already have user but I can’t figure out the next step. I see the files I need to do something with and know I need to use c**l but I’m not sure how.

I keep getting permission denied when trying to open the p*******_b***** file. Am I missing something? Still the www-data user. I can see prefix indicating the right tool but can’t get it to work

Edit: NVM lol

@zealovault said:
Can someone help me with getting root.txt? I already have user but I can’t figure out the next step. I see the files I need to do something with and know I need to use c**l but I’m not sure how.

Maybe try to see what the files are doing/using? That might lead to what you need to do/use.

Can I PM someone for a nudge on root?

Edit: Got root

Got the root flag, but not a root shell. Does anyone know if the intended way was root shell, or just to grab root.txt?

Can someone DM a hint for root.txt? I can see the processes being used to edit the two files in the a****-a*** and i’ve looked through the man files for c**l but I haven’t found anything useful

Edit: Just got it thanks to @3therk1ll and @Liz4rd !

@VincentZ174 said:
Can someone DM a hint for root.txt? I can see the processes being used to edit the two files in the a****-a*** and i’ve looked through the man files for c**l but I haven’t found anything useful

PM’d you dude

Got root. Willing to help others. Just pm me.

i tried brute forcing the website
please let me know if am on the write path

@dev696 said:
i tried brute forcing the website
please let me know if am on the write path

Bruteforcing is good solution only in rare cases and you should use it as last thing when everything other failed.

so what else i can do with this machine any hint will be helpful??

@dev696 said:
i tried brute forcing the website
please let me know if am on the write path

You are not. There is no need to use bruteforce.
The username and password are available in the website front end.

Hint, may the source be with you

To be honest, I didn’t really enjoy this machine. It’s pretty much just searching for the right place and then a very simple action is enough to get the flag. Each of the steps is genuinely ONLY about knowing WHERE to look / make an edit.

It is a good lesson in enum tho…

@rbit said:
Got user, but stuck on getting root. I read most tips but I’ve got no clue what to do atm. I assume I have to use the files inside the a*a folder, but can’t figure out what they’re for…

If anyone could pm me some hints, would be appreciated!

Try and figure out whats happening inside that directory. Once you have that. You’ll know what to do. Why are there files and what are they doing

Finally managed to get root flag. My method is nasty. Anyone who also got root flag, can you PM me the way you did it.

@dev696 said:
so what else i can do with this machine any hint will be helpful??

Tell us what you did except brute forcing and we are gonna tell you…or you know, you can read the previous pages.

Anyone having trouble figuring out what is going on for priv esc, try and figure out what process might be running. A great tool for that is GitHub - DominicBreuker/pspy: Monitor linux processes without root permissions
which was written by a great member of the htb community.

This box wasn’t hard and there are a few ways of getting a shell.
The finally manuever to obtain root.txt can definitely be overthought. At least, that’s what I initially did. I’m willing to help if someone is stuck. Just tell me what you’ve tried on your own first.