Irked

rooted,

trying so hard to find the exploit, but someone patch that vuln , thanks for @masterrabbit ,without you I will stuck mate.

Anyone needs help with stego pm me

Unable to connect using metaspolit today when I was connecting fine with it last night. Can anyone PM me with some help would be greatly appreciated.

@masterrabbit said:
Rooted! This was such a headscratcher for a PenTest beginner, but I learnt a ■■■■ of a lot.
I can now see why this is rated fairly easy.

Here are my tips now I have rooted:

User -

First things first, simple basic recon. Make sure your scan is set to capture more than just the basics. Start to learn how to use nmap rather than the Zenmap GUI.
There are a few articles online that discuss the types of scans you can run. A simple Metasploit search on your findings will give you a shell.
Next, all I can say is look around your folders. " ls -a " will help. The rest of the hints are all over this thread.
Finally, with the contents of the discovered file, there is a big hint. I had to learn to use a Linux s*** tool rather than windows, the file you need is obvious and is one of the first things you’ll see when you start this box.
I gathered the low priv user shell and user flag after this.

Root -

This was a real lesson for me but learnt a lot. What others have said in here is true. Enumerate the host as much as you can. Below I will link what helped me…
Here you will find a specific binary file, you need to pull out the readable data and you’ll find something you can have a play with. After that its a simple go-to hacker move to give you the root user shell and flag.

Here are some articles I found helpful:
Nmap Cheat Sheet and Pro Tips | HackerTarget.com
Steganography in Kali Linux - Hiding data in image - blackMORE Ops
Basic Linux Privilege Escalation - g0tmi1k

Exploiting SUID Executables | Pen Test Partners

Hope this helps, have deliberately tried not to give too much away to keep in line with the rules.

PM if you need help

(thanks to all who helped)

Many thanks! I haven’t solved either of these yet, but I find this kind of help the most beneficial to learning and not banging your head against the wall for hours. Thanks!

root

Finally rooted it. thanks, @sixtonspacefly

Fun CTF style box. I really enjoyed it. Same as a lot of people here I spent a lot of time figuring out the PrivEsc part. Which in the end is very simple. But if you aren’t at all familiar with this method, like me, you’ve got some learning to do before you can own the box.

I think the best hint for root is to compare what you have on your attacking system with what is on Irked. Once you find this file, you’re on the track to owning the system!

For those still stuck, keep on and “try harder”, you will learn something in the end. Shout out to @sixtonspacefly for the subtle nudge I needed to get on the right track.

Not sure i got root the intended way, anyone could PM me and discuss solution? :slight_smile:

Got the user flag, stuck in priv esc. Read all the comments and hints but still can’t get the file. I looked at the files with sticky bit set, but now sure which to choose and how to exploit that binary. If I am looking at wrong place please can someone redirect me? PM me on which binary to look for, please.

Hi I was wondering if anyone could help me get through the first step please just a little nudge would be nice I have an idea but some reassurance would be nice

Finally got root. The key is to enumerate and find potentially exploitable suid. Run you favourite enum script on your personal box and compare suid. A couple of them will be off. This helped me narrow down the vulnerable suid. From there just run the program using strings to see how it works. The rest is to spawn a shell using it. Cool Box by the way.

Hello. I manage to get the user shell. But I can’t able to find a way to get root. I enumerate a lot and I read the posts that is written in the forum. I think Im in the right way but can’t manage to get the root yet. Can anyone PM me and give me a hint?

EDIT: Got the root. @Jkr Thanks for help.

Anybody willing to send me some help? I’ve gained low priv shell but i’m not sure what to do now. I’ve done some enumeration but this is my first box on Hackthebox and i’m not sure what to do next. I’ve been searching for some time now and am ready to start pulling some hairs…

Well, that was some run ^^ r00t3d ^^

If anyone wants some help go on PM me but I’m not giving 100% that I will help you since there are many ways to get this machine done :+1: just went the “just go by the flow” and it aimed me into beating this one :smiley:

The first is nmap all ports watch out for hidden ports,
then use msfconsole after you exploit it to find files,
then learn steganography and get user.txt,
root is easiest just find binary > enum perms > use binary > got root.txt

Was fun for the second machine now onto a little bit harder :relaxed: G00D L: :CK!

got limited shell and can read .b***** file using s******s but dont know what it is pointing to!!! Any hint

Got the user.flag !!!
thanks @jkr

@wish said:
got limited shell and can read .b***** file using s******s but dont know what it is pointing to!!! Any hint

Got the user.flag !!!
thanks @jkr

The first line of it contains all necessary info. Focus to steg !

@Seth70 said:

@wish said:
got limited shell and can read .b***** file using s******s but dont know what it is pointing to!!! Any hint

Got the user.flag !!!
thanks @jkr

The first line of it contains all necessary info. Focus to steg !

Or just forget the steg and go directly for root -:slight_smile:

Struck at priv esc!!!

rooted !!! thanks @Impulse and @Chricatanese46

rooted, found the unusual thing by humbug, wondering if someone could PM who found it “the right way” and explain it to me a little better