Curling

got root.txt ,
but stilll dont know how to get root shell, please PM me if someone get root shell already.

EDITED: now got the root shell, thank you.

feel free to PM me if need a hand

Tried scanning with joomscan, joomlavs, nmap… browsed directories as a result of joomscan… got the username too on blog i.e. F***** ,saw s*****.*** on the page source at the bottom of page. tried many combinations of usernames and password but unable to access. first time trying on joomla… also people commenting overthewire level 12, i have completed it upto level 20 or something so that would be easy then. please help , message me.

Hey all, I have a reverse shell as w**-d***. I see the p*******_b***** file. I ran “file” on it, looked up the magic bytes. File says it is a**i, and the magic bytes says b2. I’m stuck at figuring this file out. Can someone PM me with a hint or point me in the right direction? Thanks!

@RagsFTW try to fix the file with its extension b**2 by using xxd with the right option

@nadia said:
@RagsFTW try to fix the file with its extension b**2 by using xxd with the right option

Got it! Thanks! On to root…

Hello. Please help on on curl options. I’ve got user fl___s creds, ssh’d to the machine, enumerated the a****-*a and found how the two files are being constantly edited, but I’m not sure how to get cl to work the way I want it to. Please DM me. Thanks

Yezus, stop overwriting the index.php with upload … rly just create some another page…

root

already got the user.txt but still don’t know how to priv esc. a bit lost with the a—n-a–a, the two files there and the whole curling. PM with hints on priv esc are appreciated.

i am noob trying hard since 24 hour lol get user but now stuck in root but i will get it thanks for hints guys this machine explode my brain

Just want to thanks htb and maker of this machine i learn lot from this machine

Got root

I get the root
So to help others solve this challenge i will give you some hints:

  • there is a process you can list it using a famou script in this machine. From this output you will see a command with the name of this challenge.
  • edit the file that you see used with this command with something you want to know.
  • finally, don’t execute any command, just whatch the size of the output to open it after.

PM me if you need more details.

Well, that was some run ^^ r00t3d ^^

If anyone wants some help go on PM me but I’m not giving 100% that I will help you since there are many ways to get this machine done :+1: just went the “just go by the flow” and it aimed me into beating this one :smiley:

The first is website look into the “StarWars - May SOURCE be with ya” usr is on the main page just look for “Minecraft SIG Nature”
Second is to msfexploit the website look into administration :smiley: and what can you do with it “again SOURCE MAY BE WITH YA” but just don’t do it on main page :smiley: (no idea how? PM me) :dizzy:
got meterpreter? good for ya getting USER is same as every machine here
ROOT: well look for interesting files in pwd try to change them a little and come back later just go for coffee look at them again are they same? no ? good for ya found it now who changes them? exploit it! got root.txt flag ? GOOD JOB :+1:

Was fun for the third machine now onto a little bit harder :relaxed: G00D L: :CK!

read article on c***, tried c*** commands on the a-a dir for more info… the html code retrieved is of shell scripts, people are repeatedly uploding ss on i****.p. checked process wit h, ps commands…got only --c****-a with c***** writen on it’s right. pls help, don’t know what to do next

.

@yunaranyancat said:
.

any suggestions ?

@sh4d4b said:

@yunaranyancat said:
.

any suggestions ?

hmmm, try to find a relation between different folders in the directory… and , edit something so you can get what you want instead of what it showed you.

I was able to read the root flag but I can’t seem to get a root shell. I got passwd and shadow but I have a feeling decrypting root password for root shell is not the correct way to go. Can someone give me a hint on getting root shell?

Edit: nvm I got it :slight_smile:

just got a reverse shell with “www-data” priviliges…don’t know what to do next…any help would be appreciated !!

Finally I got User, PM for hints.

And can Someone Hint me about Root ? I’m on the A****-***A but i dont see what to do !

@yunaranyancat Got root flag… What about root shell ?