Irked

1679111229

Comments

  • @craftxbox said:
    i have absolutely no clue what this b**p file is telling me, it makes zero sense to me.

    in the same I am

  • and people are trying to dirtycow it.. still.

  • I already think the stego is in the b*********p file asks me for the password but what I'm using tells me that it does not support the file format

  • @d3ku said:
    Hey I cant seem to get my msf exploit working. It keeps saying cant bind to the port.
    Can someone PM me so I can ask some questions?

    check if your "postgresql" service is running

  • @Vburgos said:
    I already think the stego is in the b*********p file asks me for the password but what I'm using tells me that it does not support the file format

    Maybe that file is just the first piece of the puzzle and you're missing another one, then :).

    Interesting machine. First time I actually have to use s************. Although I suspect, as others, that it's not necessary: You can get root without.

  • edited December 2018

    Got it! ;)

  • just rooted it ... pm for any hints ;)

  • edited December 2018

    @AgustinCB said:

    Maybe that file is just the first piece of the puzzle and you're missing another one, then :).

    Oh man... Kicking myself for not thinking of that!

    Hint - Go back to what you found during your initial enumeration.

    Got user. Now trying to get root.

    tiger5tyle

  • found the b*********p file but doesn't make any sense. Trying to think out of the box but no luck.

  • @whitesails said:
    found the b*********p file but doesn't make any sense. Trying to think out of the box but no luck.

    there's a key word in that file, it's short for a longer name, look closer

    Hack The Box

  • on what type of file would you use that word on... have you seen any of those around during your initial enum?

    Hack The Box

  • edited December 2018

    Looking at the key word but no clue...

    Just got user! nice

  • Rooted! Getting a shell was ok with MSF, but then ... the very first thing I do on a *nix box for priv-esc enum and I OVERLOOKED it COMPLETELY! Tip: Read every line of output, line-by-line, again. Easy to miss this.

    sx02089

  • @sx02089 said:
    Rooted! Getting a shell was ok with MSF, but then ... the very first thing I do on a *nix box for priv-esc enum and I OVERLOOKED it COMPLETELY! Tip: Read every line of output, line-by-line, again. Easy to miss this.

    good on ya! Still struggling with priv esc, probably missing something from the enum as you mention...

  • Anybody have some time to help? I'm looking to get root. I think I've found something that's not usually on Linux machines (not an easy task for me yet), but I'm worried I'm creating my own rabbit hole :).

  • any ideas of how to get the enumeration shell script to run, keep saying permission denied

  • Done! Get user flag is very cool, root flag without privilege escalation, is needed lot of patience and attention with unusual binaries. Anyone got root with privilege escalation?

  • @sx02089 said:
    Rooted! Getting a shell was ok with MSF, but then ... the very first thing I do on a *nix box for priv-esc enum and I OVERLOOKED it COMPLETELY! Tip: Read every line of output, line-by-line, again. Easy to miss this.

    The same happened to me! It's tricky because the clue looks like something standard.

  • @galoryber said:
    Anybody have some time to help? I'm looking to get root. I think I've found something that's not usually on Linux machines (not an easy task for me yet), but I'm worried I'm creating my own rabbit hole :).

    If you found it, it should work right away.

  • @AgustinCB said:

    @galoryber said:
    Anybody have some time to help? I'm looking to get root. I think I've found something that's not usually on Linux machines (not an easy task for me yet), but I'm worried I'm creating my own rabbit hole :).

    If you found it, it should work right away.

    It depends if someone else has done the dirty work for you yet or not :)

  • @d3ku said:

    @AgustinCB said:

    @galoryber said:
    Anybody have some time to help? I'm looking to get root. I think I've found something that's not usually on Linux machines (not an easy task for me yet), but I'm worried I'm creating my own rabbit hole :).

    If you found it, it should work right away.

    It depends if someone else has done the dirty work for you yet or not :)

    Oh, interesting. Then maybe the previous user forgot to reset the machine before I got in... Sending a PM.

  • crack out the perm manual

    Hack The Box

  • Hello, I'm new to HTB. Been reading the forums, writeups, watching IppSec, trying challenges and several boxes.

    Obtained user successfully, but am struggling with root. Things I've tried so far:

    • re-read this thread for clues
    • carefully went line by line through list of binaries (running and not) as suggested
    • tried enum scripts and read through the output multiple times
    • Googled for common enum techniques, read through several blogs, tried the suggestions
    • tried comparing box and files to typical Linux box and files
    • tried looking for the "b" and "v" files explicitly mentioned in this thread

    Kind of feels like if you know it, you'll get it, and if you don't, you won't.
    Similar to how if you're color blind, no matter how hard you try, you won't be able to see the hidden numbers amongst the dots.

    Not sure what to try next. Any clues as to what I'm missing here?

  • @OldManWinter I guess we should try harder. Same situation

  • edited December 2018

    ok, so far so good. Got a shell, found the b*** file. But I'm too dumb to figure out how to replace what with what. Any hints?

    update: got root directly. I still have no idea how to solve the stego part...

    "Respect to whom respect is due."
    Twitter: https://twitter.com/0x4242 | Web: http://0x4242.net
  • it says stego, google stego!

    Hack The Box

  • Got root.txt
    There is unintended way to get the both the flags I think. But anyway if anyone need hint PM me. Thanks for the hints in the thread.

    sesha569

  • Got root, don't think I ever came across the b file everyone is talking about though.
    Hint: The file I used is not nested 100 layers deep in some obscure subdirectory. Went back to my popular enum script results and it was in there, I simply missed it because it didn't stand out to me. Googling the file path and name yielded 0 relevant results, thus missing from typical Linux boxes and an excellent candidate for a closer look based on hints earlier in this thread.

  • Be --one with the root. That's all I'm going to say.

  • this is so strange...I used to connect to a service to upload ie script and now that service does not accept previous file type...Trying to access root but need that service...when I test it with a jpg it works fine but when I try to use another file type then it doesn't accept it anymore...

Sign In to comment.