Irked

1212224262729

Comments

  • Hints

    user

    If you are lazy you can use a famous tool to make the work for you. just enumerate and you will find the good point. Note that not all the boxes are sames.

    root

    Enumerate all your system, if you are confident with linux, you will find a strange thing. If not its the timeto enumerate all possible holes.
    Just try to play with it and fix problems like a normal user.

    PM for hint if needed.

  • i only got the user hash after getting root... please PM how come so many people were logged in as that other low priv user...?

  • I have tried SO many enumeration methods at this point... I tried an i** exploit with metasploit, but nothing has worked... Have been stuck on the enumeration part of this box without even getting a low-priv shell for the past 6 (almost 7) days. I've read through all 24 pages of this thread numerous times now. Googled, Googled again, Googled 20 more times... Nothing has worked. I'm ready to just give up and try a different box, honestly. I think I need a break.


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • Type your comment> @Farbs said:

    I have tried SO many enumeration methods at this point... I tried an i** exploit with metasploit, but nothing has worked... Have been stuck on the enumeration part of this box without even getting a low-priv shell for the past 6 (almost 7) days. I've read through all 24 pages of this thread numerous times now. Googled, Googled again, Googled 20 more times... Nothing has worked. I'm ready to just give up and try a different box, honestly. I think I need a break.

    The I** exploit is the way to go. Make some adjustments to the MSF.

  • @Optional said:
    Have managed to get a shell using MSF, found .b***** but struggling to find the binary needed. Haven't managed to get root or user yet.

    try g0tmi1k.

  • Done. I really enjoyed getting user on it, very easy and didn't take vary longs as long as you enumerate correctly. :smiley: But still very fun.

    Sadly, the road to root is meh... I see some people saying this box is more "ctf" like, which I didn't really get until i got root. But it is true what people are saying, its starring you right in the face, just think about what is different from your own machine. (sorry cant say much more than that)

    For people looking for hints, just read through the earlier posts. There are so many hints, and its not a very difficult box. Take a deep breath, and try harder.

  • edited March 2019

    Hack The Box

  • I got a reverse shell with i**d user but can't get the dj one. I don't understand where to find the passphrase file for the steg

  • i got it. Try harder...

  • this box was really fun - it took me a while and a bit of frustration but finally, I got it :smile:
    feel free to DM me for pointers :+1:

  • On the box, and have enumerated the d******* user. Also ran ./L***** to try and get somewhere with privesc, but haven't managed to find that "thing" everyone seems to be talking about... I'm pretty unfamiliar with general Linux processes, so this is proving to be more difficult for me than I'd imagined... Anybody willing to provide a nudge? It'd be greatly appreciated :)


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • A nice box, definitely learned a lot again and brought me back into it after having to take a break for some time. After a nudge or two from @4r514n I stopped blinding myself. Thanks for the box! :)

  • edited March 2019

    Got user flag in about 20 mins and then spent around 1,5h slamming find and reading through lists of files looking for something out of the ordinary. More linux knowledge would have made this much less painful and slow so time to update the good old studying list for the nights to come!

    Thanks for the challenge!

  • nice box, took around 5 mins to get a shell, another hour to find user and another hour after that to get root. (Mainly because I was expecting it to be harder than it was and went down a rabbit hole)

  • Managed to get user after a struggle of figuring out how to use s************.

    Now I'm stuck on finding the appropriate binary. I think I might know which one it potentially is but I don't think I'm using it right. Can someone PM please and confirm if I'm on the right track?

  • edited March 2019

    Hello Community! On the box, I got the User access somehow. Now, I'm unable to get root. Have Googled i** exploit and most of the tutorials showed a root access. Can someone guide me through this? Also, have enumerated and found a few doubts. Whom can i pm?

    EDIT: Thanks @4r514n and @merlinthebox! Got Root!

  • So from the low privileged shell straight to root, I have no clue what the .b***** file is or where the steganography part was involved. Can anyone tell me if this was the intended way? I just got a reverse shell and then abused a binary, was user needed?

  • I was stuck on priv esc for a long time but I finally got root after taking a break. This forum was plenty to help me and I don think I would have got root without it. Definitely learned a lot more about linux! Great beginner box. The steg part was fun :) Feel free to PM if you have questions, even though I'm sure there are more experienced people in this forum that can help too

  • Finally got root, directly went for root instead of going for user and then root
    Nice box!

    hint for root: just look for unusual binaries

    Hack The Box

  • edited March 2019

    GOT ROOT PING FOR HINTS

    image

    ------- MrBlackHat -------

  • Lolz once root system and get flags, just remember to remove your poc or footprints. Make clean for next tester.else it is very irritating .
  • I have owned the machine. The way I go to get root & user it's weird. I compare it to the wirte ups available and no one did like me. Someone who ownd the box can pm me to discuss of it ? :) Thanks in advance!

  • Type your comment> @Naerz974 said:
    > I have owned the machine. The way I go to get root & user it's weird. I compare it to the wirte ups available and no one did like me. Someone who ownd the box can pm me to discuss of it ? :) Thanks in advance!

    Where you got write-up
  • @vilu Write ups are available on the github of HTB. To have the right to read it, you need to specify the root.txt hash as password

  • Can't seem to get the metasploit working even though I'm certain I've used the correct options can someone PM me with advice?

  • I have user. I have enumerated some processes running as root and have a theory to get to root, but my ideas haven't translated to any pwnage. Can someone DM me a nudge?

    Hack The Box
    Follow me on Twitter: @C_3PJoe

  • edited March 2019

    Going for root: found something weird running that had a name that made sense wrt to the username. There's an privesc exploit for it, but it says I don't have the permissions...

    The look for something unusual sounds like a good plan, but after doing LinEnum I have pages of stuff that looks unusual to me :(

    Might have to ask for hints on this one...

  • I hate to ask for help but if someone could spare a minute for me to see if what I'm doing should work? I am working on the i** service but the stuff I'm trying is failing and I thought for sure I had it figured out.

  • edited March 2019

    Got it. This thingy demanded no exploits from me at all, just meticulous enumeration. Notice the unusual. If only other ones were so straightforward)))

  • Type your comment

Sign In to comment.