Bashed

Can someone tell me if I am on the right path for Bashed? I have been messing with it for a while now. "Shellshock" is what I believe to be where I need to start.

Comments

  • You are not on the right path.

  • yea wow I was way off. Think I am on the way now thanks man.

  • I'm stuck in the privesc :/
    Feel I'm missing something that is in front of me, or I'm overthinking with this machine. Any hint?

    Puerkito66

  • @puerkito66 said:
    I'm stuck in the privesc :/
    Feel I'm missing something that is in front of me, or I'm overthinking with this machine. Any hint?

    I have the same feeling man

    zelsonm1

  • saaaaaaaaameee

    fhlipZero

  • That's where I am stuck now as well. If I find anything out I will hint you.

  • It's a really easy box, just requires basic enumeration
    Hack The Box

  • Is it really an easy machine? If that's the case, I'm missing something very very obvious :/

    Puerkito66

  • just to get it registered, someone wrote "resets, resets everywhere" inside root.txt today. LOL

    zelsonm1

  • user is easy, priv esc is not so easy

    peek

  • Anyone got any tips for the priv esc? As a side note I'm getting issues getting a fully interactive TTY on this box, this is the first one I've tried so far, using the stty echo -raw with no luck

  • I have full interactive reverse shell with TTY, wasn't too hard (USE python). Now to figure out the "easy", "obvious" privesc to get root.

  • Can anybody hint with privesc???
    I did many enum (LinEnum and so on...)
    Please give little hint...

  • Same, could really use a fresh hint...

    Pomme

  • @Pomme said:
    Same, could really use a fresh hint...

    A "fresh" hint? Lol the box has been out for barely a week - and everything you need to solve it is in this thread.. What more "hint" could you need?

    likwidsec

  • There's multiple ways to root this box. Personally, I would suggest avoiding the method that requires multiple resets and a lot of luck as you will get frustrated/annoy others working on the box and won't learn anything of value.

    Scripts like LinEnum are great, but it's always worth poking around manually checking file/folder contents too.

    brox

  • @likwidsec said:

    @Pomme said:
    Same, could really use a fresh hint...

    A "fresh" hint? Lol the box has been out for barely a week - and everything you need to solve it is in this thread.. What more "hint" could you need?

    I've never ever done any priv esc before, I'm very much a beginner at this, but hey, I hear you, I think I just gotta read more and more about priv esc

    Will try again and again until I succeed ;)

    Pomme

  • @BROX said:
    There's multiple ways to root this box. Personally, I would suggest avoiding the method that requires multiple resets and a lot of luck as you will get frustrated/annoy others working on the box and won't learn anything of value.

    Scripts like LinEnum are great, but it's always worth poking around manually checking file/folder contents too.

    Thanks for the answer. It is very helpful to me) I am a newbie in this playground) But it is very cool) Very realistic boxes ))

  • @likwidsec said:

    @Pomme said:
    Same, could really use a fresh hint...

    A "fresh" hint? Lol the box has been out for barely a week - and everything you need to solve it is in this thread.. What more "hint" could you need?

    We all started somewhere man...Just because you found it obvious doesn't mean a lot of people did.

    Booj

  • little hint for priv esc

    peek

  • It's like watching an AngryJoeShow video review :D

    I'd love to have access to a sub-forum for each box, password protected by the root flag, then we could discuss why certain things wouldn't work that under different circumstances would have, it's just a thought..

  • @Saoirse said:
    It's like watching an AngryJoeShow video review :D

    I'd love to have access to a sub-forum for each box, password protected by the root flag, then we could discuss why certain things wouldn't work that under different circumstances would have, it's just a thought..

    That sounds like an awesome idea to me..would also help people like me learn different approaches you can take.

  • @TheRealHooz said:

    @Saoirse said:
    It's like watching an AngryJoeShow video review :D

    I'd love to have access to a sub-forum for each box, password protected by the root flag, then we could discuss why certain things wouldn't work that under different circumstances would have, it's just a thought..

    That sounds like an awesome idea to me..would also help people like me learn different approaches you can take.

    Yeah, I like this idea. A section to share solutions and ideas. I think that it could be implemented in the htb home (where there are the active machines). After you get root flag you are able to read solutions. You can comment, compare etc..

    r7f5

  • @Saoirse said:
    It's like watching an AngryJoeShow video review :D

    I'd love to have access to a sub-forum for each box, password protected by the root flag, then we could discuss why certain things wouldn't work that under different circumstances would have, it's just a thought..

    Neat idea!

    Pomme

  • @r7f5 said:

    @TheRealHooz said:

    @Saoirse said:
    It's like watching an AngryJoeShow video review :D

    I'd love to have access to a sub-forum for each box, password protected by the root flag, then we could discuss why certain things wouldn't work that under different circumstances would have, it's just a thought..

    That sounds like an awesome idea to me..would also help people like me learn different approaches you can take.

    Yeah, I like this idea. A section to share solutions and ideas. I think that it could be implemented in the htb home (where there are the active machines). After you get root flag you are able to read solutions. You can comment, compare etc..

    I think that's a great idea

    Booj

  • @Pomme said:

    @likwidsec said:

    @Pomme said:
    Same, could really use a fresh hint...

    A "fresh" hint? Lol the box has been out for barely a week - and everything you need to solve it is in this thread.. What more "hint" could you need?

    I've never ever done any priv esc before, I'm very much a beginner at this, but hey, I hear you, I think I just gotta read more and more about priv esc

    Will try again and again until I succeed ;)

    The missing pieces to privesc'ing this box are probably staring at you (it was for me). I didn't see it at first with all the machine resets, and those resets caused me to go down a dark and unnecessary rabbit hole. I reached out to someone and was thankfully told to try harder and look at the basics. Once you 'see' it you can privesc with very minimal effort (read: you don't have to crash the box).

    g0tmi1k's basic linux priv esc guide is a great resource for beginners (and this machine).

  • Here's the deal, when you can point out exactly what exactly the process of understanding your LinEnum.sh scripts or bat scripts mean, then you haven't earned the right to admonish people, they're, I'm, just trying to learn, this is unhealthy, that's not natural the way you people have been taught, it's unacceptable, albeit from the OSCP it's oddly acceptable, doesn't make it alright, I quit....

  • @Saoirse said:
    Here's the deal, when you can point out exactly what exactly the process of understanding your LinEnum.sh scripts or bat scripts mean, then you haven't earned the right to admonish people, they're, I'm, just trying to learn, this is unhealthy, that's not natural the way you people have been taught, it's unacceptable, albeit from the OSCP it's oddly acceptable, doesn't make it alright, I quit....

    don't worry

    peek

  • I have to be blind, coz I only see a few things, try some others, but anyhow stuck XD

  • Any hints on how to privesc this box?
