Curling

12627293132

Comments

  • Rooted! Was making this way harder than it was!
    One "tip": if you finished Overthewire Bandit you should have all the knowledge necessary to understand what is going on with th key parts, for root and user flag.

    And if you need, pm me for hints :)

  • Just joined HTB and for a first lab it is fun one!

    I managed to get to user flag pretty easily but I am now stuck on root flag and could do with a couple of hints.
    I noticed the files and that there is some c*** running but cannot see where. Based on the box name I also suspect I have to use c*** tool too for this one.

    Am I on a good path? I am clearly missing a piece and can do with a small nudge :)

  • Got user and root. Struggling with root shell. Could someone give me a hint. I know the files and command running.

    Thanks
  • > @avjeeves said:
    > Just joined HTB and for a first lab it is fun one!
    >
    > I managed to get to user flag pretty easily but I am now stuck on root flag and could do with a couple of hints.
    > I noticed the files and that there is some c*** running but cannot see where. Based on the box name I also suspect I have to use c*** tool too for this one.
    >
    > Am I on a good path? I am clearly missing a piece and can do with a small nudge :)

    See what you can put in one of those files you found. Then let the c*** do its thing
  • OK.... one member change f****** user password .... no thx !

  • I believe that I am overthinking this process, could someone give me a push, I need any and all help.....

    Hack The Box

  • please PM for what to put in i**** file

    cognitiv3

  • Same as cognitiv3. Any tips for what to put in i****? Everything I've tried has resulted in the same user. For the record, looking for a shell.

  • @cumulus thanks for the tip, I was very close but over-complicating things... Got root.txt and root shell now.

    @Grim120 did you manage to get root.txt? then think how you could use the same technique on other server artefacts

  • Hello guys! It's my first machine. Can you please help me. I did a RS and found u*****xt file and pass**********up file. I don't know what to do next. Thank you

  • Please PM I stuck on priv esc

    Arrexel
    Ask for hints only please and give +1 respect if you like my hints. Thank you

  • edited March 2019

    figured out the input file (to read flag, not get shell), PM for hint

    cognitiv3

  • If anyone is stuck on the pa******_****up file, go check out CyberChef by GCHQ, its a great decryption tool

  • Fun box. certainly learned a couple things on the way.. Thanks to the creator.

  • edited March 2019

    can anyone PM me with syntax for a script to monitor a file? been using lsof, but its not quick enough to catch the write, so I cant figure out where the job is coming from.

    EDIT:, never mind... Over thinking things... have root.txt and root shell pretty quickly and easily once I took a step back.

  • edited March 2019

    Hi,
    I've completed the box, If you need help, just pm me :blush:

  • edited March 2019

    Hack The Box

  • hi all i need a bit op help im tring to get user but im stuggling to convert the bz2 file to a gz file, just changing the extenstion dose not work. Aaaarrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
    mv password password.gz ------- its still classed as compressed file but not a gz file

    hope you can help

  • Hey guys! Can anyone shed any light on why a certain file may not be decrypting so straightforwardly? How could you structure its decryption? I have had a go with cyberchef and dtrx. Still got a sprinkling of gobbledygook. Time for a brew

  • edited March 2019

    Can someone PM me regarding the p*******-b***** file? I've read all the hints in here and tried everything I can think of...

    EDIT: nvm... FINALLY figured it out

  • For the p*******-*****p file, look at magic numbers. Those will help figure out what a file is. Cyberchef has a great "magic" component that can help

  • Type your comment> @cycloneripper said:

    hi all i need a bit op help im tring to get user but im stuggling to convert the bz2 file to a gz file, just changing the extenstion dose not work. Aaaarrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
    mv password password.gz ------- its still classed as compressed file but not a gz file

    hope you can help

  • hi all i need a bit op help im tring to get user but im stuggling to convert the bz2 file to a gz file, just changing the extenstion dose not work. Aaaarrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
    mv password password.gz ------- its still classed as compressed file but not a gz file

    hope you can help

  • edited March 2019

    hi guys. could somebody help me with p*******_b***** file? the question is how this decrypting works..

  • Type your comment> @mortone said:

    hi guys. could somebody help me with p*******_b***** file? the question is how this decrypting works..

    level 12 of Bandit on Over The Wire, search for it, you'll understand...

  • can someone please drop me a message, pretty sure im in the final stages of root on curling, but cannot seem to nail it down

  • I read most of the comments, but still couldn't get the root shell. I am looking into a-a directory and still couldn't get a clue. Can someone PM me a hint?
    Thanks in advance...

  • Stuck on getting a shell uploaded on the joomla admin panel, tried editing the templates, installing a simple file uploader but nothing seems to work, anyone able to nudge me in the right place?

  • edited March 2019

    got user and root flag, still working on a root shell but not really sure if I am overcomplicating it. Anyone willing to give a hint in PM?

  • Type your comment> @Parrrs said:

    I read most of the comments, but still couldn't get the root shell. I am looking into a-a directory and still couldn't get a clue. Can someone PM me a hint?
    Thanks in advance...

    Edit the files, watch the files. See if you can catch whatevers happening to them. Then read the manpage.

    @c4m said:
    Stuck on getting a shell uploaded on the joomla admin panel, tried editing the templates, installing a simple file uploader but nothing seems to work, anyone able to nudge me in the right place?

    PM'd you.

Sign In to comment.