Irked

i only got the user hash after getting root… please PM how come so many people were logged in as that other low priv user…?

I have tried SO many enumeration methods at this point… I tried an i** exploit with metasploit, but nothing has worked… Have been stuck on the enumeration part of this box without even getting a low-priv shell for the past 6 (almost 7) days. I’ve read through all 24 pages of this thread numerous times now. Googled, Googled again, Googled 20 more times… Nothing has worked. I’m ready to just give up and try a different box, honestly. I think I need a break.

Type your comment> @Farbs said:

I have tried SO many enumeration methods at this point… I tried an i** exploit with metasploit, but nothing has worked… Have been stuck on the enumeration part of this box without even getting a low-priv shell for the past 6 (almost 7) days. I’ve read through all 24 pages of this thread numerous times now. Googled, Googled again, Googled 20 more times… Nothing has worked. I’m ready to just give up and try a different box, honestly. I think I need a break.

The I** exploit is the way to go. Make some adjustments to the MSF.

@Optional said:
Have managed to get a shell using MSF, found .b***** but struggling to find the binary needed. Haven’t managed to get root or user yet.

try g0tmi1k.

Done. I really enjoyed getting user on it, very easy and didn’t take vary longs as long as you enumerate correctly. :smiley: But still very fun.

Sadly, the road to root is meh… I see some people saying this box is more “ctf” like, which I didn’t really get until i got root. But it is true what people are saying, its starring you right in the face, just think about what is different from your own machine. (sorry cant say much more than that)

For people looking for hints, just read through the earlier posts. There are so many hints, and its not a very difficult box. Take a deep breath, and try harder.

Hack The Box

I got a reverse shell with i**d user but can’t get the dj one. I don’t understand where to find the passphrase file for the steg

i got it. Try harder…

this box was really fun - it took me a while and a bit of frustration but finally, I got it :smile:
feel free to DM me for pointers :+1:

On the box, and have enumerated the d******* user. Also ran ./L***** to try and get somewhere with privesc, but haven’t managed to find that “thing” everyone seems to be talking about… I’m pretty unfamiliar with general Linux processes, so this is proving to be more difficult for me than I’d imagined… Anybody willing to provide a nudge? It’d be greatly appreciated :slight_smile:

A nice box, definitely learned a lot again and brought me back into it after having to take a break for some time. After a nudge or two from @4r514n I stopped blinding myself. Thanks for the box! :slight_smile:

Got user flag in about 20 mins and then spent around 1,5h slamming find and reading through lists of files looking for something out of the ordinary. More linux knowledge would have made this much less painful and slow so time to update the good old studying list for the nights to come!

Thanks for the challenge!

nice box, took around 5 mins to get a shell, another hour to find user and another hour after that to get root. (Mainly because I was expecting it to be harder than it was and went down a rabbit hole)

Managed to get user after a struggle of figuring out how to use s************.

Now I’m stuck on finding the appropriate binary. I think I might know which one it potentially is but I don’t think I’m using it right. Can someone PM please and confirm if I’m on the right track?

Hello Community! On the box, I got the User access somehow. Now, I’m unable to get root. Have Googled i** exploit and most of the tutorials showed a root access. Can someone guide me through this? Also, have enumerated and found a few doubts. Whom can i pm?

EDIT: Thanks @4r514n and @merlinthebox! Got Root!

So from the low privileged shell straight to root, I have no clue what the .b***** file is or where the steganography part was involved. Can anyone tell me if this was the intended way? I just got a reverse shell and then abused a binary, was user needed?

I was stuck on priv esc for a long time but I finally got root after taking a break. This forum was plenty to help me and I don think I would have got root without it. Definitely learned a lot more about linux! Great beginner box. The steg part was fun :slight_smile: Feel free to PM if you have questions, even though I’m sure there are more experienced people in this forum that can help too

Finally got root, directly went for root instead of going for user and then root
Nice box!

hint for root: just look for unusual binaries

GOT ROOT PING FOR HINTS

Lolz once root system and get flags, just remember to remove your poc or footprints. Make clean for next tester.else it is very irritating .