Hint for HELP

Did b**** si and got user and pass but I am unable to use them to gain further foothold, can anyone pm me for more information? I even tried to s1(password) to use for lower port

Type your comment> @t4a1 said:

Did b**** si and got user and pass but I am unable to use them to gain further foothold, can anyone pm me for more information? I even tried to s1(password) to use for lower port

So I am able to login to admin area, however I have no clue how to further my foothold, am I going to use the same vul everyone is using? How did those that did using b**** s**i managed to get the user other than admin?

Hi,
I have this question bugging me , If time() in python returns epoch. how would timezone make a difference.?

Rooted Done and dusted a lot of false rabbit holes in this discussion the box was a piece of cake

Type your comment> @Hashbyte said:

Hi,
I have this question bugging me , If time() in python returns epoch. how would timezone make a difference.?

Asking that myself. Really strange behavior. But it also seems that PHP time() is timezone relevant.

EDIT:
But as I understand from time — Time access and conversions — Python 3.12.0 documentation epoch just says January 1st 1970 00:00. So it could be timezone based as this date may differ.

Well in this instance theres now to worry about i read some of the hints and was sweating as i needed this box for elite hacker and when i read the hints i thought oh wow nope was the easiest box on the active machines in my humble opinion

not too easy for noobs though as theres definately some gotchas right at the beginning

remember dont always believe what you read

So lovely to do a machine without Metasploit oh how i hate that program many thanks to the creators of this box i loved it

nvm

Got root, nice machine.

Some hints :

##User
if you find a tool/CMS,program,… that is opensource, try to download it to :

  • search for files that are useful to get version
  • install on a local area with full log and with your config

Now you can test all sort of attack and see if it work, or understand why not.
Other advice : if you find an exploit, read and understand it fully, modify it to get it work on your local area, many exploits don’t work out of the box, but if you are correctly enumerate, you can guess that you are on the right way.

root

Take some time to get a ‘real’ shell (in a ‘real’ shell you can enter a password to sudo, use interactives commands, etc.). If you can’t enter a password when you type sudo, its not a real tty shell.
I think I Can’t give some hint without spoil. As usual enumerate your system and you will get the solution.
If you are lost on priv esc, maybe you need to work on a checklist, a good starting point : Basic Linux Privilege Escalation - g0tmi1k.

Feel free to PM me if you want some hint.

I have rooted Help. However i set the time on my machine in order to do that thing. If someone has done that thing without setting the time on their machine would you mind sharing that knowledge with me

I did not set any time it was not needed that threw me for a bit when i initially did my recon on this box but i ignored that hint and it proved to be a basic but very enjoyable box

Very cool box. User was a bit hard for me, been there for few days. Root was really easy, took me around a minute to own it. Going in again for the higher port and trying to get root without exploits.
User:
Make sure you know how the timing in python works and how it works in php. There’s kind of delay there. Make sure you’re listening to the port while looking for the file. If you read the script you’ll realize that its loads the page anyways

User & Root.

Nice box, PM if you need some HELP :wink:

Finally rooted, pm me for hints!

If you want any help, you can pm me :smiley: I got root :star:

finally ROOTED…
feel free to PM me for hints!!!
https://www.hackthebox.eu/profile/56044

Rooted :slight_smile: user was a little bit tricky :B but root was simple :slight_smile: . Awesome box! Feel free to PM me

User & ROOT :smile:
Reading through the comments I was confused about the time travel because for me it worked out of the box, and then I realized where I live :tongue:
Nice box! :smiley:

Type your comment> @tobor said:

I have rooted Help. However i set the time on my machine in order to do that thing. If someone has done that thing without setting the time on their machine would you mind sharing that knowledge with me

You can always adjust the exploit to use the right time.

user and root. Fun but user was tricky.