onetwoseven

Really cool box so far! I would be really happy if someone would be so kind to PM me a hint.

I’ve managed to get “upload succesfull.y”, but I cannot find my upload anywhere? Hmm…

So far awesome box - just stuck with the user flag. I do have a shell, but not as the right user and so far no root. Can’t see a way to get user.txt. Any hints?

EDIT: I think I’m on to it. Learned another useful command for priv esc and a new priv esc technique. Nice!

Hey guys, I have a problem.

Today when I was in class I tried (and succeded) to get to the high-port website, now I used the same method at home and I get this error:

channel 5: open failed: administratively prohibited: open failed

What’s wrong?

– EDIT –

FIXED, if your getting that error try to change “localhost” with 127.0.0.1

Type your comment> @Alurith said:

Hey guys, I have a problem.

Today when I was in class I tried (and succeded) to get to the high-port website, now I used the same method at home and I get this error:

channel 5: open failed: administratively prohibited: open failed

What’s wrong?

I think your SSH tunnel is wrong

please DM hints. I am stuck with sftp. I know this may be obvious but I can upload files with sftp and able to change file permissions still unable to get shell. any help?

Type your comment> @andrhtb said:

please DM hints. I am stuck with sftp. I know this may be obvious but I can upload files with sftp and able to change file permissions still unable to get shell. any help?
Uploading a shell from SFTP won’t work as far as I know. Use the command help and find something that can get you to read something… Anything past that is a spoiler so I won’t tell more. Feel free to pm me though

Anyone can help me with the last step ? I am almost sure that I properly prepared my own server, but when I try it from reverse shell, I only get error 404 and dunno why.

The best hint on htb is to not rely too much on htb hints unless youre trying to verify the last 10% of a hunch

Spoiler Removed

Type your comment> @joakim said:

Really cool box so far! I would be really happy if someone would be so kind to PM me a hint.

I’ve managed to get “upload succesfull.y”, but I cannot find my upload anywhere? Hmm…

Thanks a lot for your help, @lantog
Awesome box!

Would anyone be able to assist with intercepting the tunnel traffic with burp? I’ve been struggling to get this working correctly but feel I am super close.

Can someone give me a hint about sftp part?
I tried creating links, but i limited in web root (www), so i didn’t manage browse something interesting.
And i tried uploading shell and giving 777 to it, but getting 403 all the time.
What am i missing?

EDIT: Working only in sftp tunneled my vision, didn’t thought how different environments may interact with same object.
Moved on, but did not managed uploading reverse/command shell from sftp.

Finally got root! That was a pretty cool box, though root was definitely finicky. lol

A tip for people working on root:
People on stackoverflow don’t know ■■■■. Do not ever trust their answers and do more thorough research to confirm it. Got completely dead-ended because I trusted something I read there to rule out one of my approaches.

.

Type your comment> @GordonFreeman said:

Would anyone be able to assist with intercepting the tunnel traffic with burp? I’ve been struggling to get this working correctly but feel I am super close.

remove 127.0.0.1, localhost from exceptions in browser

Awesome box, from beggining to end. Congrats to @jkr for the great work done here. It’s not an easy one, but you can learn a lot from every step if they don’t just tell you how to do it. Root is mindblowing. My tip: This box is so well made it tells you exactly what you need to know. Things will stand out, you’re probably on the right track. Nothing is here by chance. READ every piece very very carefully and think on how to turn it around to your advantage.

Type your comment> @GordonFreeman said:

Would anyone be able to assist with intercepting the tunnel traffic with burp? I’ve been struggling to get this working correctly but feel I am super close.

remove the directive in firefox on network settings for proxy to bypass for 127.0.0.1

I had same issue box is very unstable waiting two days for this to work so i can go for root me and 3 guys were having major issues last night

So… is a**-g** u***** a rabbit hole to get root? I already have shell access, but no user.txt and root.txt in sight so far. I know ways to exploit it, but those won’t work here - or would they? Not sure if a proxy is needed for this attack… Any hints? Also, is there a way to get user.txt without getting root? I know I am soooo close

Type your comment> @rootk1d said:

So… is a**-g** u***** a rabbit hole to get root? I already have shell access, but no user.txt and root.txt in sight so far. I know ways to exploit it, but those won’t work here - or would they? Not sure if a proxy is needed for this attack… Any hints? Also, is there a way to get user.txt without getting root? I know I am soooo close

nope not a rabbit hole you can view with netcat and figure out what is going on here upstream proxy as well as a little local host editing should get you on the way

I was also told env_k*** works but i found so does a proxy through apt-***

Type your comment> @wabafet said:

Type your comment> @rootk1d said:

So… is a**-g** u***** a rabbit hole to get root? I already have shell access, but no user.txt and root.txt in sight so far. I know ways to exploit it, but those won’t work here - or would they? Not sure if a proxy is needed for this attack… Any hints? Also, is there a way to get user.txt without getting root? I know I am soooo close

nope not a rabbit hole you can view with netcat and figure out what is going on here upstream proxy as well as a little local host editing should get you on the way

Awesome cheers! Seems I am actually on the right path…