Curling

12627282931

Comments

  • Finally rooted!
    Can someone pm me on how to gain root shell?

    Also, pm for hints

    Hack The Box

  • Yahoo, rooted! That's my first machine.
    I've got the user hash and the root hash, but I didn't find out root password. That's normal?

  • Type your comment> @ubushan said:

    Yahoo, rooted! That's my first machine.
    I've got the user hash and the root hash, but I didn't find out root password. That's normal?

    You don't need the password. You just do a privilege escalation and gain root (id:0) with it.
    Or spawn a privileged shell.

    wirehack7

  • any hint on gettig root?
    got user a long back but no luck with root

  • So I'm basically stuck on privesc for root with the i**** file and the r***** file. I recognize the contents of the r***** file, and I also have tried running c*** on the address provided, but I can't seem to get anywhere... Circling around this for a while now. Can someone who has already rooted the box potentially point me in the direction I should be headed in for this? Thanks!


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • Hardest parts of this box is getting to what you need to before the dam thing gets reset its a race against time get your shell in a good spot and roll from there. nc the right file back out to terminal and work it on your own box. If you can't no worries reach out heading for root now but can help with the special file like Bandit mentioned but have better commands to get it quick since its a time race for your shell to be blitzed every 20 mins lol...good luck!

  • Type your comment> @Johnny5 said:

    Hardest parts of this box is getting to what you need to before the dam thing gets reset its a race against time get your shell in a good spot and roll from there. nc the right file back out to terminal and work it on your own box. If you can't no worries reach out heading for root now but can help with the special file like Bandit mentioned but have better commands to get it quick since its a time race for your shell to be blitzed every 20 mins lol...good luck!

    edit: Root! aha hint its all about timing too to edit a certain file look in a nearby folder run commands see a certain thing running under root its prints out something like a? good understand that and understand how to use curl to pull files like think of how kali opens by default see the url? thats a good hint hopefully not to much of a spoiler good luck! hit me up help you further if need be,,,

  • Please if anyone is reading this. Try not poison the index page of the website. There are others attempting this box as well...

  • edited March 2019

    Rooted. Funny and easy machine... And yes, Joomla allows to upload a php shell in that simple way also in a real scenario....

  • ROOT DANCE!!!!

  • I'm stuck at privesc, I understand that I need to deal with a****-**** and curl command but I don't understand which process creates them and how do I grab the root.txt.

    a PM with a clue or a tip will be much obliged.

  • Firstly, please stop nuking the index.php page... there are plenty of alternative vectors that won't ruin it for everyone. And secondly, I've managed to grab the root flag using the neat little trick provided (YAY!) but I'm now stuck trying to pop a root shell. RTFM'ing for the last 12+ hours and I've gotten no where in terms of using the same tool to gain access. I'm almost out ideas. Anyone that could nudge me a bit would be very much appreciated!

  • Stuck on priv esc as well. Ive been reading and enumerating for about 8 hours now lol. Not sure im any closer.

  • Rooted, had to do a round about way, but got there in the end. No nuke required.

    Demonseed74
    ccie|ccnp|ccdp|ccip

  • I found the user.txt but cant read it, I know what the contents of p*****_****P are but im having trouble converting it into anything usefull. If anyone could give me a hand send me a PM plzz

  • edited March 2019

    Is it just me or is anyone else stuck at the part where we have to upload reverse connection shell?
    EDIT:
    NVM completed it... Missed one sneaky bastard...

  • Yes. Finally got root!

  • Type your comment> @c4m said:

    Stuck on getting a shell uploaded on the joomla admin panel, tried editing the templates, installing a simple file uploader but nothing seems to work, anyone able to nudge me in the right place?

    how to manage files under cms?

  • can any one help me .. i got credentials logged into a***********r page after that what to do i'm stuck and clueless any hint to move further. PM me..

    Hack The Box
    If i helped you and tried to explained you! just give me a respect. click on the img to get my profile link.!
    Profile : https://www.hackthebox.eu/home/users/profile/17564

  • I did it without getting root access or displaying /root/root.txt file !
    it's done without moving out from the user home directory. is that normal !
    azasdf74M owned root Curling [+20 ]

  • Can anyone PM me how they Owend user as i have got root access directly. and read the flags from root. i want to know about user . as i have found one interesting file. PM pe for user .

    Hack The Box
    If i helped you and tried to explained you! just give me a respect. click on the img to get my profile link.!
    Profile : https://www.hackthebox.eu/home/users/profile/17564

  • Finally got root.txt. Was anyone able to actually get root login? I just went after the obvious and learned new.. uhh.. options for curling in 2019.

  • need help regarding on root.txt i was able to get the user.txt.

  • edited March 2019

    Does anyone know why I kept getting "SMB shares are not supported in file" error when I execute the c*** command to get root?

  • okie nvm got it i was dumb it was syntax error

  • stuck on the root.txt i can't find it. also that i don't have privlage on the root folder.

  • jkrjkr
    edited March 2019

    .

  • edited March 2019

    got user and root with a lot of help from @amzker and this forum.. for those stuck with Pb file -> identify the file type, run transform, identify file, run commands that must be run on the filetype, identify file.. repeat ... let the file lead you

    i was stuck inside the usr shell for quite some time with no idea how to sneak out or privesc. again help from everywhere

    stuck at user shell -> find interesting dirs, observe file behavior. thanks for the box and all the help.. not a pro hence lot of learning on this one :)

    cheers..

    happy to be of help ..

  • found secret.txt what does that meant?

  • @PHunHouse said:
    Got the s****.t** ; not sure where to use this after decoding.

    I'm also on the same stage. Not getting username. Tried every combination of written by and all.

    Plz PM hint

Sign In to comment.