Hint for HELP

I have rooted Help. However i set the time on my machine in order to do that thing. If someone has done that thing without setting the time on their machine would you mind sharing that knowledge with me

I did not set any time it was not needed that threw me for a bit when i initially did my recon on this box but i ignored that hint and it proved to be a basic but very enjoyable box

Very cool box. User was a bit hard for me, been there for few days. Root was really easy, took me around a minute to own it. Going in again for the higher port and trying to get root without exploits.
User:
Make sure you know how the timing in python works and how it works in php. There’s kind of delay there. Make sure you’re listening to the port while looking for the file. If you read the script you’ll realize that its loads the page anyways

User & Root.

Nice box, PM if you need some HELP :wink:

Finally rooted, pm me for hints!

If you want any help, you can pm me :smiley: I got root :star:

finally ROOTED…
feel free to PM me for hints!!!
https://www.hackthebox.eu/profile/56044

Rooted :slight_smile: user was a little bit tricky :B but root was simple :slight_smile: . Awesome box! Feel free to PM me

User & ROOT :smile:
Reading through the comments I was confused about the time travel because for me it worked out of the box, and then I realized where I live :tongue:
Nice box! :smiley:

Type your comment> @tobor said:

I have rooted Help. However i set the time on my machine in order to do that thing. If someone has done that thing without setting the time on their machine would you mind sharing that knowledge with me

You can always adjust the exploit to use the right time.

user and root. Fun but user was tricky.

Could I get some help on how to get the file uploaded?

Rooted PM for hints… :slight_smile:

Hello,

Someone can give me clues to the root of the help box

Greetings

The hints spread all over the thread should be enough to guide you on the right path, if that isn’t the case I’m open for PMs.

Got user & root. Anyone want to PM on the port *000 route for finding creds? Not familiar with that language/framework.

Hints for user:
Make sure your time is automatic.

For root: basic priv esc. Article below shows general steps, but the exploit won’t work for this box.

Ofcourse a few minutes after i ask for help, i manage to upload a file…

Great box. Detail is everything.

User had me stumped for days… “Try Harder” is an asset when approaching this box.

Root, just follow VERY basic enumeration.

The biggest takeaway and hint from this box for User and Root is: TRUST NOTHING!!!

hello everyone,
who could help me take root?

i’m get root!

Thanks for the box. As for the usual statistics in case anyone is interested: user flag took about 2 hours of on and off poking and figuring out a bunch of small problems to get it to work. Root flag took about 30 mins.