• Finally got Root! This was my first box without following a tutorial and I am so excited to have completed it.

    Once I got user I started to enumerate the box. Because I am fairly new to Linux I ended up downloading an ISO of the version of Linux this box is. I then ran the same scripts on the default Linux box and started comparing the two boxes. This allowed me to see how the box is normally configured, then it just took some trial and error.

  • Finally got root. So painfully obvious I didn't even consider trying it.

    Thanks for the very strong shove @3zculprit!

  • Finnaly got root! Thnks to @n0tspam for the tip!

  • edited December 2018

    Nevermind, persistence paid off.

  • This box is easy. Do not overthink. Do simple enumerations.

    hint for user: its almost a crypto ctf challenge ;)

    Root: Read past hints .. the answer is already in your enum script output.

  • rooted, nice box :)


  • edited December 2018

    Got user, struggling for root many days, lot of enumeration, tried exploits for all services running but no luck... Any hints?

    Got root.txt , thank you @jkr for the help!!!

  • @manick69 said:
    Got user, struggling for root many days, lot of enumeration, tried exploits for all services running but no luck... Any hints?

    wish i can help you we are both stuck in the same problem, if i found something i'll pm you!

  • Finally done, got root shell. This was my first time with such type of priv esc. Learned a lot. Pretty sure it is a basics of enumeration.


    Hack The Box

  • anyone can give me some hints please ?

  • man i feel dumb that it took so long to get root. so so so dumb. i went down rabbit holes, found things that were actual privesc bugs and gt fixed loong ago. maker really give a lot of options to fall into. hate myself for not trusting my gut.

  • any hints for the privsec ?

  • Finally done with this box! Enjoyed it quite a bit. Message me for hints if needed!

  • edited December 2018

    Im SSH'd in as user, and ran all 4 of my enum scripts. etc.. Any hint would be appreciated.

    Rooted. Lots of rabbit holes. Google any binaries you are not familiar with. I went through all SUID binaries one by one. You will find it.

  • prhprh
    edited December 2018

    I've been trying to leverage one of the binaries. I believe this article is very usefl, but can't move on. Appreciate any PM or Hint

    Finally rooted too, thank you jkr and Baikuya for the hints

  • Finally rooted... Damn, this one made me feel like a moron...

  • Hi everyone, I'm stuck getting the root flag, I entered with ssh to the user acc and used but I can not figured what I have to search, I don't know if I'm on the way, pm me for hints pls :)

  • give me hints please, I tried to enumerate and googling the result, but can't manage to get anything even a low shell.

    any advice would be appreciated.


  • @xterm said:
    give me hints please, I tried to enumerate and googling the result, but can't manage to get anything even a low shell.

    any advice would be appreciated.

    Send me a P.M. with what you have and i can help you!

  • Any documentation to get the root
  • Any documentation to get the root please !
  • Hunting around SUID but totally lost, got a few ideas, anyone, able to help?

    Other posts dont mean much to a noobie...

  • edited December 2018
    You have to find a famous script on the machine which it try to find a misconfiguration that could allow to priv esc. Run it and analyze the results. You will find a strange linux command line, then you can find root.txt.
  • edited December 2018

    Hi guys! So this is my first attempted box. I obtained user sucessfully, i've read the u***.txt file but not sure what to do with that... I have been trying to leverage one of the binaries but so far no luck :(

    pm me for hints and advice please! thanks

    Edit: I finally rooted the machine ! xD thanks for everyone for giving the hints. Tip from me:
    This article helped me a lot, goodluck everyone!

    Hack The Box

  • Rooted.

    User was a lot of fun for me, some cool little things that I hadn't done before, so that was great.

    Root, well, sure. For as much as I don't like the hint of "just enumerate more" it's really the only answer. There are a few rabbit trails, which I actually appreciated, I sort of like the frustration that it adds. Masochist? Perhaps. I think it's a bit real-world, there are plenty of things which are really close to being something to exploit, but in the end they aren't. I like that. Root took me a bit, but that's fine, part of this place is the thrill of the challenge and the feeling of accomplishment in the end.

    Anyway, all-in-all the box was fun.

    PM me here or hit me up on NetSec Focus for any hints.


  • Got Root! Thanks you @3zculprit for the nudge.

  • finally rooted. Someone was messing with the files and i went down a 6 hour long rabbithole. Really anoying. But i actually learned a lot from it.

    Just another reminder that you should do enumeration multiple times, in case "something" is missing or incase you didnt see it the first time.
    Once you see it it's REALLY simple.


  • edited December 2018

    Guys someone can please give me some hint in PM? I'm stuck to root :P. I enumerated a lot of times but i can't understand which is the program vulnerable.

    EDIT: Finally i got root, thx all for hints. Guys some times restart machine, i found it full of shit, too much hints, and the root flag in tmp


  • edited December 2018

    Hello all. It seems to me that I can barely connect to the I** server (constant disconnects, and the ports sometimes dont work-- sometimes they do).
    This makes me unable to send my dear payload. Is this because of the server I am in? It gets stuck at the AUTH notice.

    EDIT: Rooted. For anyone wondering, the payload was sent succesfully in Windows but not in Kali for some reason. Maybe Kali has slower internet or something .
    The root was very easy privesc (in fact, way too easy, I would appreaciate someone that PM's me). Now for user.


Sign In to comment.