Curling

I have just got the root flag and was wondering if anyone managed to get a reverse shell as root?

Could anyone help me get the root.txt and root shell? I have been stuck for a long time after getting the user.txt, thanks.

Update:
Got the root.txt, thanks @jkr. Working on the root shell right now, maybe need some hints for that, thanks.

Help me, please. Now, I got the admin panel in Joomla.

@zav4ik said:
Help me, please. Now, I got the admin panel in Joomla.

Look at the environment and think how you could get a stable shell.

Rooted this machine. If anyone needs help, feel free to PM :slight_smile:

Got user and root, but did it through shell and some help. Could someone who did it the conventional way give me a nudge on doing it through c***?

Got login credentials, I might have found a way to get a reverse shell but always get “WARNING: failed to daemonise” with error 110 or 111 every time.
Is it possible to get some help? Thanks!
EDIT: Got user, trying to get root now
EDIT2: Finally got root, way too much overthinking, try to understand what is going on in a****-a*** with the files and you’ll see it instantly!

Just finished this. Great box!
User and root were way easier than the initial foothold in my experience. But the methods are also something I have more experience with.

Not gonna lie, as web frameworks are a weak spot of mine, the initial took me hours.
It didn’t help that I was spoiled when getting to the site the first time and someone defaced the main page. It was subtle, but with the rating on this box I thought maybe it was meant to be there, plus the box had just been reset. Even reading the code, it looked legit. Once I got in, though, the box got reset again. I had to figure it out myself, and since I knew there was something on the site I could use (just couldn’t see it anymore) I spent hours trying to do it… wrong. I was eventually able to figure it out myself after giving up and starting over from scratch: rebooting the box and doing proper enumeration.

I make it a point not to deface any public pages on the boxes, as that screws up beginners that don’t know what they are doing (like me :)). I got lucky and the box was reset. But if I had solved this right away when I first got shell, I would not have learned anything. If anyone reads this… please don’t deface the public pages of sites. It ruins the experience for the rest of us. (I understand some boxes require editing config pages and such, but this one 100% could be exploited without making it public.)

I got the reverse shell; however, I don’t know how to proceed further. I have gone through all the discussions. Any help?

You hit your head when things are too obvious. Learnt the concept “Try smarter more than try harder” the hard way :open_mouth: Got the root shell but not so stealthily.

Rooted. Interesting little box.

There is one thing I cannot figure out though. Specifically why the system does a certain thing. Can anyone PM me so I can elaborate?

FINALLY ROOT SHELL. :relieved:
This was a really simple machine, yet it took me a lot of time and hard work to get a root shell.

I hope this is not a spoiler, but for those seeking a root shell: the usual tool does not work, at least not with its built-in options :wink: One should check versions ALWAYS!! (that’s my learning).

Just got user and root, but I’m struggling with the root shell even though I can read the files from /root/. If anyone who has done that could PM me, I’d really appreciate it.

EDIT: Just got a root shell
The hint here is not to jump over the obvious.

Hello guys … can you help me please … I got user.txt … but I don’t know what the next step is to get root … can someone PM me please :slight_smile: thanks in advance

I am stuck hard with those two files in a****-a***? Help please :frowning:

Solved it, only now to decipher both flags from files :slight_smile:

And done both :wink:

Guys, I’m kind of a noob and I really got stuck on that machine and need some help. Tried met exploits against ja but none of them worked. Tried to look in the se c**e and found s***t file, decrypted it, but the information didn’t help me with anything.

@nervus said:
Guys, I’m kind of a noob and I really got stuck on that machine and need some help. Tried met exploits against ja but none of them worked. Tried to look in the se c**e and found s***t file, decrypted it, but the information didn’t help me with anything.

Me***t exploits won’t work here. You need something simpler than that. Once you’re into the admin page of the service ja, what can you do with it? Any sort of backdoor?

Drop a message here Login :: Hack The Box :: Penetration Testing Labs if you need any nudge.

Curling was not particularly difficult compared to some of the other machines out there. PM me if you need some assistance/hints.