Hint for HELP

Finally rooted, pm me for hints!

If you want any help, you can pm me :smiley: I got root :star:

finally ROOTED…
feel free to PM me for hints!!!
https://www.hackthebox.eu/profile/56044

Rooted :slight_smile: user was a little bit tricky :B but root was simple :slight_smile: . Awesome box! Feel free to PM me

User & ROOT :smile:
Reading through the comments I was confused about the time travel because for me it worked out of the box, and then I realized where I live :tongue:
Nice box! :smiley:

Type your comment> @tobor said:

I have rooted Help. However i set the time on my machine in order to do that thing. If someone has done that thing without setting the time on their machine would you mind sharing that knowledge with me

You can always adjust the exploit to use the right time.

user and root. Fun but user was tricky.

Could I get some help on how to get the file uploaded?

Rooted PM for hints… :slight_smile:

Hello,

Someone can give me clues to the root of the help box

Greetings

The hints spread all over the thread should be enough to guide you on the right path, if that isn’t the case I’m open for PMs.

Got user & root. Anyone want to PM on the port *000 route for finding creds? Not familiar with that language/framework.

Hints for user:
Make sure your time is automatic.

For root: basic priv esc. Article below shows general steps, but the exploit won’t work for this box.

Ofcourse a few minutes after i ask for help, i manage to upload a file…

Great box. Detail is everything.

User had me stumped for days… “Try Harder” is an asset when approaching this box.

Root, just follow VERY basic enumeration.

The biggest takeaway and hint from this box for User and Root is: TRUST NOTHING!!!

hello everyone,
who could help me take root?

i’m get root!

Thanks for the box. As for the usual statistics in case anyone is interested: user flag took about 2 hours of on and off poking and figuring out a bunch of small problems to get it to work. Root flag took about 30 mins.

Got user, found creds for (I ASSUME based on the context) the service on port 3***. when I try to access M****** via command line, I get an error “Host Unreachable.” Host is definitely reachable (I can still hit it in the browser), so I’m confused what else might be causing that error. Google hasn’t been very helpful.

Am I barking up the wrong tree with M******? Is there a flag/option I should be specifying? Is this possibly caused by another user borking the machine, and I should reset?

I have root as well, but I know nothing of Node and would appreciate a tip on how to properly get the creds from the high port. I’ve tried google but I can’t make sense of how to use it. Thanks to anyone who wouldn’t mind sending a pm.

Amazing machine! The port 3**** is very useful for the exploit to work!

Type your comment> @Nibodhika said:

■■■■, I spent too much time banging my head against the wall on some stupid mistakes. I went the easy (unauthenticated) route, since I couldn’t figure out the high port endpoint, and after reading the code I’m not sure how I was supposed to discover that other than a wild guess.

Hint for user: go read the code, seriously, pay close attention to it, don’t trust the exploit documentation over what you’re seeing, but the exploit code is correct.

Hint for root: I hate typing in the wrong window almost as much as I hate Caps lock.

This hint gave me the final clue for a happy ending. Thanks!!