LaCasaDePapel

I generated the certificates in various modes, but, despite certificate is installed in browser i got the message: “Sorry, but you need to provide a client certificate to continue.”

@portos060474 said:
I generated the certificates in various modes, but, despite certificate is installed in browser i got the message: “Sorry, but you need to provide a client certificate to continue.”

PMs :slight_smile:

thanks, it’s working, I missed a detail, the server certificate :slight_smile:

can i get a nudge on root? already got the shell. maybe its me that overthinking it?

Edit: Rooted! PM if you need help!

lacasadepapel [~]$ whoami
root

Happy to help fellow hackthebox’ers!

So user was simple

Root - potentially should be simple, got the command i need but missing something on the syntax (probably overlooking something glaringly obvious)

Anyone about to go over some syntax ?

I got root.txt and the flag. now, getting a root shell will be pretty straightforward

bash-4.4# hostname
lacasadepapel
bash-4.4# whoami
root

Owned !

I used HTTPS path. I would like to know the “other” method for achieving user shell without using HTTPS. Could someone PM me with that information? thanks in advance

Feel free to PM me for hints

Type your comment> @sillydaddy said:

Type your comment> @parteeksingh said:

Any hints what to do with box ?

A good old door !!!

Indeed…
:grin

anyone got any advice on that stupid p** shell from the f** exploit?

Type your comment> @sebaileyus said:

anyone got any advice on that stupid p** shell from the f** exploit?

use the built-in help, check all the commands you find, as well as other p** functions, and enumerate as much as posible

When authenticating, just refreshing the page with Firefox my not be sufficient -_-

hi guys, about the old door try to use more than one exploit if the 1st does not work!

Type your comment> @Lm00n said:

hi guys, about the old door try to use more than one exploit if the 1st does not work!

Try to understand how the “old door” works, beyond using Metasploit.

Type your comment> @ZaphodBB said:

So user was simple

Root - potentially should be simple, got the command i need but missing something on the syntax (probably overlooking something glaringly obvious)

Anyone about to go over some syntax ?

I know I had trouble spawning a shell. I could see it running in the background though. You can send me the command youre trying if youre still stuck I can be a fresh set of eyes.

cat /etc/hostname
lacasadepapel
whoami
root

What awesome box, PM for user or root tips

Trying to get my head around root - I know its something to do with “M*******D” but cant get the syntax quite right

Got told to “think like a user” - which is of no help to me at all as i rarely ever have to deal with users :slight_smile:

Type your comment> @ZaphodBB said:

Trying to get my head around root - I know its something to do with “M*******D” but cant get the syntax quite right

Got told to “think like a user” - which is of no help to me at all as i rarely ever have to deal with users :slight_smile:

Think what you want that happens. Write it in a shell line, and think where to put this line

@br0k3nc0rk Can you PM about the nudge?

Really missed one crucial bit of the puzzle, MANY Thanks to @Kinjo for pointing out the error of my ways…