Curling

Hi guys - new to HTB just finished irked - doing curling but stuck after getting user shell. I can see a------a— folder and to interesting files in there but don’t know how to tackle them. I have tried moving, copying, cating, tried signatures etc but no use. Anudge will be helpful - clear

I have been trying to get user.txt for over 1 day now, but I cannot seem to get a shell or any other info. I think I am doing something very simple wrong which is screwing everything up. I am able to log in as the user with the password found from the secret file. Can anyone DM me for a pointer? THank you.

Type your comment

hello. got root flag, but wanted to know the way to do it not downloading a file from internet. anyone willing to share knowledge please pm me

Root shell after quite a long battle! Feel free to PM me for help!

I just got root.txt the intended way. I dont think I couldve gotten it without all the hints. It’s not that easy! At least not for me.

This box is also vulnerable to a new and dirty Ubuntu privesc. Got root.txt that way earlier today (with the help from a friend).

stuck on the root shell I can read the root.txt file and I know what is going on in a***-***a folder. Any nudge on how to proceed. The suspicious switch does not have much information online on how I can tweak it.
Edit: nevermind got it. fun way to get root shell

nevermind, got it. fun way to get root shell

Stuck with priv esc to root. I identified the I**** file around the users dir but not sure whats going on with it or how to leverage it. I also know its being called with **** but again not sure the timing or something, please help!

Type your comment> @khalsa68 said:

Hi guys - new to HTB just finished irked - doing curling but stuck after getting user shell. I can see a------a— folder and to interesting files in there but don’t know how to tackle them. I have tried moving, copying, cating, tried signatures etc but no use. Anudge will be helpful - clear

You and me, both. I’m stuck in the exact same position. Anyone with pointers on where to go from here? It would be greatly appreciated!!!

PM me for hints …

Rooted! Was making this way harder than it was!
One “tip”: if you finished Overthewire Bandit you should have all the knowledge necessary to understand what is going on with th key parts, for root and user flag.

And if you need, pm me for hints :slight_smile:

Just joined HTB and for a first lab it is fun one!

I managed to get to user flag pretty easily but I am now stuck on root flag and could do with a couple of hints.
I noticed the files and that there is some c*** running but cannot see where. Based on the box name I also suspect I have to use c*** tool too for this one.

Am I on a good path? I am clearly missing a piece and can do with a small nudge :slight_smile:

Got user and root. Struggling with root shell. Could someone give me a hint. I know the files and command running.

Thanks

@avjeeves said:
Just joined HTB and for a first lab it is fun one!

I managed to get to user flag pretty easily but I am now stuck on root flag and could do with a couple of hints.
I noticed the files and that there is some c*** running but cannot see where. Based on the box name I also suspect I have to use c*** tool too for this one.

Am I on a good path? I am clearly missing a piece and can do with a small nudge :slight_smile:

See what you can put in one of those files you found. Then let the c*** do its thing

OK… one member change f****** user password … no thx !

I believe that I am overthinking this process, could someone give me a push, I need any and all help…

please PM for what to put in i**** file

Same as cognitiv3. Any tips for what to put in i****? Everything I’ve tried has resulted in the same user. For the record, looking for a shell.

@cumulus thanks for the tip, I was very close but over-complicating things… Got root.txt and root shell now.

@Grim120 did you manage to get root.txt? then think how you could use the same technique on other server artefacts