• Rooted. I was making it a lot harder than necessary. Be aware of permissions and what directories you are working in.


  • Anyone got any hints as to the next step after l**p enum

  • finally rooted. I missed one REALLY basic thing. reading this forum made me jump to far along in the process... hehe
    Fun box, thanks to @AuxSarge !


  • Root! All you need from getting user to root is in this forum. Just read it carefully. Big thanks to this community, it has been a challenge to root these machines to me.

  • I have user and hash, name of share and name of file as well but when I try to GET it, I get error "You don't have enough permissions to access..." using other tool I get yet another error "session setup failed: NT_STATUS_LOGON_FAILURE".

    Can somebody give me a nudge?



  • I'm about to root this machine. It took me a while. But I was wondering how did you enumerate on this machine ? I tried with LinEnum but didn't work properly and stop working at some point of the execution?


  • edited November 2018

    I don't get it, I have all files for priv. user (key, cert & signed cert) but every time I generate new key or convert existing is says it's a public key. Key is protected on file system level and even if I allow s**-***** to output it to default location (unpriv. user does not have access to it) and print it from there (or convert it to new file) still tools like ssh, Pu****n are claiming that file is cert (public key).

    EDIT: Rooted, still I'd like to discus some things which are different on machine and on internet manuals



  • Rooted.

    My tip is: principals is not 'root'


  • @deleite said:

    My tip is: principals is not 'root'

    Best tip that you can get on priv. esc., spent a lot of time before I figured out that, I'n articles they're usually using root for example of principal :)



  • edited November 2018

    Hey can someone give a hint for priv esc?
    I understand using s**-*****n and principals, but I dont understand how to interact with ss***th on web page, tried many things but always getting a 400 error.

    Edit: Got root thanks so much to @The5thDomain for the help and to @deda1mraz for the final hint I needed!

  • Feel free to PM me if you are having trouble.

  • anyone knows what share im to get into? i have username and i pretty much know how to use the kind of password but i can seem to enumerate shares


  • i have the my__.pk and i have no shit clue what to do with that


  • Edit: Got user... now onto root... Nudge for root


  • Sv5Sv5
    edited December 2018

    Spoiler Removed - egre55


  • rooted, big thanks @cbx for the root hint! very fun box! props to the creator

  • Could anyone lend me a PM hand. I read the article but I do not know what I am doing wrong with d*** s-K-***. I followed the article but I can not read the private. It only displays the public key with any flag I try Any help would be great.

  • Sheeeshhh :) sorry for spoiler everyone


  • Me: Muuuummmmm!!! I got root :)
    Mum: Root for which tree? :) :) :)


  • @chmod0597 said:
    Could anyone lend me a PM hand. I read the article but I do not know what I am doing wrong with d*** s-K-***. I followed the article but I can not read the private. It only displays the public key with any flag I try Any help would be great.

    You can't display a private key with the command. This is not how this is supposed to work.

  • I have a few questions about getting from a*******8 to root. I think I know wheat needs to be done but need a slight nudge. Anyone available for PM?

  • Working on root and syntax for the s**-*****n command. I've found and am using the files of interest in the command, but still getting strange output. would be grateful for a PM hint!!

  • I'm still stuck on initial foothold. I've read every post in this forum and can't seem to make headway. I've got two users listed, got a hash, know what I can do with the hash, but still get a bad_network_name or bad_logon depending on the tool I'm using. I have a good idea as to what I need to do once I get my foothold, but I'm just stuck.

    Can anyone send me a PM with a nudge?

  • Nice box , spent all day struggling with user just to find out that I was using the wrong method to pass credentials I found in LDAP. Once I got a session on the box , got root in 10 minutes of enumeration BUT not through the same path as per the comments here , I think I have an unintended Priv Esc as far as I can see ...

    Hack The Box

  • What an insane box. Before someone PM’s me for hints on privesc, read this https://code.fb.com/production-engineering/scalable-and-secure-access-with-ssh/

  • Could someone go over a command i am trying to run with me? Just want to know if i am screwing up the syntax.

  • Hi, i got root but i wondering where you found info about ..B4ckd..? please pm me.


  • Been struggling with this most of the day. I can get ssh access to a + b account. I think what I need to do, but struggling to find the right principal. Can anyone give me some pointers for that specific issue?

  • OMG, nevermind, I just found it. Couldn't get command to work from commandline at all. All day I've been leaving out the "s messing up my request.

    Just going to kick myself.

  • there is a new way to get root super easy

Sign In to comment.