Irked

ROOTY ROOTY IN THE PATOOTIE!!! Just got root lol. Honestly, it was really easy, don’t overthink it.

Got user this afternoon and managed to get root this evening - woo! Everything you need is on the forum! Went down a bit of a rabbit hole for the priv esc, but then reviewed my enum script output properly and did some googling on each line. Once I found the odd binary, I had to reset the box as it wasn’t working initially (someone messed it up a bit…). Thanks for the help everyone. Happy to help if anyone is a bit lost.

Hi everybody,

I’m stuck at the Metasploit part for a while :frowning:
Pretty sure I got the right CVE, right port (there is more than one) and exploit but keep getting “but no session was created”… I’ve tried multiple exploits and ports, still the same.

Anyone had this issue? Thank you!

Hi, sorry for my bad English :slight_smile:

I’m already inside, I’m the first user to get all I imagine.
The problem is that I do not know what I’m looking for. It is my first machine, and I feel happy and frustrated.

Some clue?

Finally got root! The hints are all here. Took me 4-5 hours tonight, just poking around until I found the right file to exploit.

Rooted.

PM me if you need help.

Got user & root, no need of PE at all to obtain the flags since there’s a BIN (HUUUUUGE HINT) which can help you :slight_smile:

Hi. I’ve got shell via msf. Now looking at stego and binary with suid. I’d love to get a hint. Please PM me, either stego or how to privesc (I can’t figure out how to use the binary). Thanks

@kwong240 said:
Stuck with user, not sure where I can find the b***** file, can anybody help??

Dear, hidden files are listed when you use the command ls -a, try it!

You have to search well, and do not overlook anything.
You will get a file .b ************ with no extension. And there the new adventure begins. Now what do I do with this?

Someone online in PM? Call me please!

Rooted. Special thanks 4 Hack The Box and this post!

@persist said:
Thank you @MrAgent for the box and everyone on this thread, definitely learnt a lot.

I hope my tips are more thought provoking than just ‘enumerate… enumerate’ or ‘it’s right in front of you’ or ‘try harder’ which is never going to work if you don’t know where to look. Definitely didn’t work for me.

For user, if you’re still lost, you’re missing a concept that most CTF type challenges consider important. Try to extract as much as possible from the .*****p file and google as much as possible. That will lead you to a ‘method’ of hiding information that can evade monitoring systems from detecting it. Once you know what ‘method’ is being used, look for ways to extract info from it.

For root, which was non-trivial for me, look for programs that use higher privileged accounts and try to abuse them. What would you do to these programs that used higher privileged permissions so you could get root.txt? To be very honest, I felt this part of the problem was like trying to find a needle in a haystack. Please PM me if there’s a better way to find root.

Glad you liked it.

Can’t figure out privesc. With the help of multiple people I seem to run the right file, but when running it I get ‘permission denied’.

Maybe this is a bad server. I already tried resetting the machine.

File had bad permissions.

I don’t seem to get anywhere with privesc. I found user.txt but don’t have permissions to open it. Tried logging in with the other user but can’t find the password. Any tips?

@TheTingGo said:
I don’t seem to get anywhere with privesc. I found user.txt but don’t have permissions to open it. Tried logging in with the other user but can’t find the password. Any tips?

Privesc is not the way for user.txt. You need to look deep into the folder where you found user.txt. PM me if you need any help.

@kri5hna said:
Privesc is not the way for user.txt. You need to look deep into the folder where you found user.txt. PM me if you need any help.

Ahhh I found the hidden file :slight_smile: now to figure out what this means… thanks for the hint

Got the user.
Any hint for root?