Can someone tell me If I am on the right path for bashed..I have been messing with it for a while now "Shellshock" is what I believe to be where I need to start.
Anyone got any tips for the priv esc? As a side note I'm getting issues getting a fully interactive TTY on this box, this is the first one I've tried so far, using the stty echo -raw with no luck
There's multiple ways to root this box. Personally, I would suggest avoiding the method that requires multiple resets and a lot of luck as you will get frustrated/annoy others working on the box and won't learn anything of value.
Scripts like LinEnum are great, but it's always worth poking around manually checking file/folder contents too.
@Pomme said:
Same, could really use a fresh hint...
A "fresh" hint? Lol the box has been out for barely a week - and everything you need to solve it is in this thread.. What more "hint" could you need?
I've never ever done any priv esc before, I'm very much a beginner at this, but hey, I hear you, I think I just gotta read more and more about priv esc
@BROX said:
There's multiple ways to root this box. Personally, I would suggest avoiding the method that requires multiple resets and a lot of luck as you will get frustrated/annoy others working on the box and won't learn anything of value.
Scripts like LinEnum are great, but it's always worth poking around manually checking file/folder contents too.
Thanks for the answer. It is very helpfull to me) I am a newbie in this playground) But it is very cool) Very realistic boxes ))
I'd love to have access to a sub-forum for each box, password protected by the root flag, then we could discuss why certain things wouldn't work that under different circumstances would of, it's just a thought..
@Saoirse said:
It's like watching an AngryJoeShow video review
I'd love to have access to a sub-forum for each box, password protected by the root flag, then we could discuss why certain things wouldn't work that under different circumstances would of, it's just a thought..
That sounds like an awesome idea to me..would also help people like me learn different approaches you can take.
@Saoirse said:
It's like watching an AngryJoeShow video review
I'd love to have access to a sub-forum for each box, password protected by the root flag, then we could discuss why certain things wouldn't work that under different circumstances would of, it's just a thought..
That sounds like an awesome idea to me..would also help people like me learn different approaches you can take.
Yeah, I like this idea. A section to share solutions and idea.. I think that it could be implemented in the htb home (where there are the active machines). After you get root flag you are able to read solutions. You can comment, compare etc..
@Saoirse said:
It's like watching an AngryJoeShow video review
I'd love to have access to a sub-forum for each box, password protected by the root flag, then we could discuss why certain things wouldn't work that under different circumstances would of, it's just a thought..
@Saoirse said:
It's like watching an AngryJoeShow video review
I'd love to have access to a sub-forum for each box, password protected by the root flag, then we could discuss why certain things wouldn't work that under different circumstances would of, it's just a thought..
That sounds like an awesome idea to me..would also help people like me learn different approaches you can take.
Yeah, I like this idea. A section to share solutions and idea.. I think that it could be implemented in the htb home (where there are the active machines). After you get root flag you are able to read solutions. You can comment, compare etc..
@Pomme said:
Same, could really use a fresh hint...
A "fresh" hint? Lol the box has been out for barely a week - and everything you need to solve it is in this thread.. What more "hint" could you need?
I've never ever done any priv esc before, I'm very much a beginner at this, but hey, I hear you, I think I just gotta read more and more about priv esc
Will try again and again until I succeed
The missing pieces to privesc'ing this box are probably staring at you (it was for me) I didn't see it at first with all the machine resets and those resets cause me to go down a dark and unnecessary rabbit hole. I reached out to someone and was thankfully told to try harder and look at the basics. Once you 'see' it you can privesc with very minimal effort (read: you don't have to crash the box).
g0tm1lk's basic linux priv esc guide is a great resource for beginners (and this machine)
Here's the deal, when you can point out exactly what exactly the process of understating your LinEnum.sh scripts or bat scripts mean, then you haven't earned the right to admonish people, they're, I'am, just trying to learn, this is unhealthy, that's not natural the way you people have been taught, it's unacceptable , albeit from the OSCP it's oddly acceptable, doesn't make it alright, I quit....
@Saoirse said:
Here's the deal, when you can point out exactly what exactly the process of understating your LinEnum.sh scripts or bat scripts mean, then you haven't earned the right to admonish people, they're, I'am, just trying to learn, this is unhealthy, that's not natural the way you people have been taught, it's unacceptable , albeit from the OSCP it's oddly acceptable, doesn't make it alright, I quit....
Comments
You are not on the right path.
yea wow I was way off. Think I am on the way now thanks man.
I'm stuck in the privesc
Feel I'm missing something that is in front of me, or I'm overthinking with this machine. Any hint?
I have the same feeling man
saaaaaaaaameee
That's where I am stuck now as well. If I find anything out I will hint you.
Its a really easy box just requires basic enumeration

Is really an easy machine? if that's the case, i'm missing somenthin very very obvious
just to get it registered, someone wrote "resets, resets everywhere" inside root.txt today. LOL
user is easy, priv esc is not so easy
Anyone got any tips for the priv esc? As a side note I'm getting issues getting a fully interactive TTY on this box, this is the first one I've tried so far, using the stty echo -raw with no luck
I have full interactive reverse shell with TTY, wasn't too hard (USE python) . Now to figure out the "easy", "obvious" privesc to get root.
I did many enum (LinEnum and so on...)
Please give little hint...
HTB | Root-Me | PentestIT | OSCP | Social
Same, could really use a fresh hint...
A "fresh" hint? Lol the box has been out for barely a week - and everything you need to solve it is in this thread.. What more "hint" could you need?
There's multiple ways to root this box. Personally, I would suggest avoiding the method that requires multiple resets and a lot of luck as you will get frustrated/annoy others working on the box and won't learn anything of value.
Scripts like LinEnum are great, but it's always worth poking around manually checking file/folder contents too.
I've never ever done any priv esc before, I'm very much a beginner at this, but hey, I hear you, I think I just gotta read more and more about priv esc
Will try again and again until I succeed
Thanks for the answer. It is very helpfull to me) I am a newbie in this playground) But it is very cool) Very realistic boxes ))
HTB | Root-Me | PentestIT | OSCP | Social
We all started somewhere man...Just because you found it obvious doesn't mean a lot of people did.
little hint for priv esc

It's like watching an AngryJoeShow video review
I'd love to have access to a sub-forum for each box, password protected by the root flag, then we could discuss why certain things wouldn't work that under different circumstances would of, it's just a thought..
That sounds like an awesome idea to me..would also help people like me learn different approaches you can take.
Yeah, I like this idea. A section to share solutions and idea.. I think that it could be implemented in the htb home (where there are the active machines). After you get root flag you are able to read solutions. You can comment, compare etc..
Neat idea!
I think that's a great idea
The missing pieces to privesc'ing this box are probably staring at you (it was for me) I didn't see it at first with all the machine resets and those resets cause me to go down a dark and unnecessary rabbit hole. I reached out to someone and was thankfully told to try harder and look at the basics. Once you 'see' it you can privesc with very minimal effort (read: you don't have to crash the box).
g0tm1lk's basic linux priv esc guide is a great resource for beginners (and this machine)
Here's the deal, when you can point out exactly what exactly the process of understating your LinEnum.sh scripts or bat scripts mean, then you haven't earned the right to admonish people, they're, I'am, just trying to learn, this is unhealthy, that's not natural the way you people have been taught, it's unacceptable , albeit from the OSCP it's oddly acceptable, doesn't make it alright, I quit....
dont worry
I have to be blind, coz i only see a few things, try some others, but anyhow stuck XD
Any hints on how to privesc this box?