Irked

@TheMightyQuinn said:
Hey, so I just joined HTB a couple of days ago, and based off community ratings, this seems like it’s supposed to be an easy box. Maybe it’s just that I personally have basically zero experience with CTF-type challenges, but I just can’t seem to get anywhere. I’m seeing a lot of hints about what to do once you have a reverse shell, but I can’t even get that far. I admit it is quite possible that HackTheBox is just currently above my skill level, but if that’s the case, where might I go to get more beginner experience?

I’m on the same situation.
I scanned ports and found out i** and u*** (both udp) open but I have no clue of what to do, spent all day googling around exploits and nothing… Can someone send me a hint? I’ve tried spawn a reverse shell with netcat on those ports but 0 progress

@vitorfhc said:
Can I have a hint on root? I am pretty new to this. Also I don’t want spoilers, just hints, I tried a lot of priv esc techniques from Basic Linux Privilege Escalation - g0tmi1k but maybe I let something pass…

whilst enumerating you will find something that doesnt belong - you wont find this on a clean / standard linux install

nc should work for the CVE, keep trying different times and more importantly different payloads.

also my hint for root, when you find it you wont expect it, or atleast i didnt, lucky guess for me after reading what was going on with the system.

Is it easier than what I’m thinking? PrivEsc… perm-ing my hair out

Yeah, enumerated with LinEnum, read the output some times and tried some things that caught my attention. Nothing worked. I am overthinking or something like that.

i need help for priv esc. somebody can help? pm pls

Rooted … Thanks to @ZaphodBB & @Sigilli . As they said it … all the hints given are enough !! but if you need any help PM me \n/ :slight_smile:

For the record linenum didnt help me, it added so much additional info it masked the simple thing you should be finding in regards to privesc. Basically if you are going down a rabbit hole of any depth, you are taking the wrong path.

To me though, this was 10x harder than jerry, i had an easier time with carrier, waldo, access,etc… jerry didnt have privesc and the goals were more clear.

Rooted. Cool box. Back to the basics.

priv esc requires a basic enumeration script and some reading. Go slow through your output. I rushed until one of you was like “SLOW DOWN”. If you’re familiar with linux binaries, you will see it. If you’re not familiar, pull up what right looks like so it sticks out.

@timmy5 said:
For the record linenum didnt help me, it added so much additional info it masked the simple thing you should be finding in regards to privesc. Basically if you are going down a rabbit hole of any depth, you are taking the wrong path.

To me though, this was 10x harder than jerry, i had an easier time with carrier, waldo, access,etc… jerry didnt have privesc and the goals were more clear.

As a matter of interest how did you find Carrier easier than this ?

This box was easy because in every step the hints are there slapping you in the face. All you need to do is basic enumeration which you should know before attempting any box

First off - I think the “easy / hard” discussion is entirely subjective. If the person creating the box has created a path you’d think of, the box is easy. If it isnt, the box is hard. ( I actually found Jerry quite hard at first ).

Secondly, if you are stuck on this box, dont get frustrated just because other people say “easy, I pwnd it in 20 minutes.” Read through ALL the pages on this discussion and make sure you understand the hints. The path to completion is pretty much laid out (even when the obvious spoilers have been removed).

Rooted. Thanks @TazWake for confirming I wasn’t crazy. PM if anybody needs help and I can provide some none spoiler hints :slight_smile:

Rooted. It took me a long time. Despite the hints I followed many rabbit holes.

Guys, reset the box when you finish it. This should almost be a rule, especially for free servers.

People are getting in, finding the file, running it, and automatically getting a root shell, and they think they’ve completed it. The whole point of this is to learn about these vulnerabilities and how they work.

Hello Guys, i have a problem with b***** file, i no have idea what do!!
Thank you to all

@cipster86 said:
Hello Guys, i have a problem with b***** file, i no have idea what do!!
Thank you to all

read the message -it tells you all you need to know

This is a very stupid way to get root.txt, imo. I am a Linux guy and had to come here to get clues on how to obtain root.txt. Once I realized what everyone was talking about, I quickly made a one-liner that funnels directly to the necessary file.

I’m willing to help if someone has questions. Let me know what you’ve tried first.

Not seeing the priv esc through usual post exploit enum - can someone pm me a hint?

Can someone pm me a hint for root.txt? I think I found something interesting but im not sure if im on the right track.