• Type your comment> @EthicalHCOP said:

    Hi, some hint to begin ?
    i not sure if i have some interesting thing

    Check any port, you will find one where you can do nasty things.

  • Type your comment> @xdaem00n said:

    Finally got root, thanks for those who helped me.
    The way to get user is cool, I really liked that and waited for a box like this one. Root was hard for me mainly because I didn't try ^everything^, once I tried something else that was in front of my eyes the whole time, it worked.
    Hint for initial foothold:


    2 Enumerate the box, you don't need to get a shell in order to do that.

    Hints for user:

    1 What does the user name tell you? Maybe you can do something and then use one of the lower services to log in?

    Hints for root:

    1 The hint is inside the home folder, read it, look for it, once you find something, import it to your machine and enumerate it more. Check out the source code to see how it works behind.

    If u need help feel free to pm me

    I'am looking behind scenes on fortunes, but cant understand whats going in there, beside I find very interesting things on a secure port via command line. But I'm complety stucked on the most common port and its fortunes. :anguished:

  • For root:
    Read the code and utilize the data you've found. If you are okayish with Python you can solve it in no time. Remember that you can just copy the code and import it to your python interpreter.

  • Just rooted. Overall very nice machine. No guessing, no CTFish nonsense. Congrats to the author!

    However 6h spent trying to crack something what just can be copy-pasted.
    Always read ALL relevant code, do not make assumptions like me. Otherwise it will be a very hard way of learning.


  • well i dunno where i should start with this box, i think im still a bit nwbie. I cant understand how the fortunes works, i got some certs via Op****l but without a private key i cannot make the user cert, so im a bit lost, could anyone gimme a hand with that? via PM or just with a repply in the forum... i want to learn about BSD :D TKS in advance!

  • Got root. For me an enjoyable box.

    However the very first step was painful to see because it was so simple (strangely). After that, an interesting route with plenty to learn along the way.

    For priv-esc, patiently and diligently reading source code is the way, once you have found the jewels.

    Feel free to PM me for hints.

  • Found every single part, but can't assemble it into the solution to get root.

    I got the H*** from d* file, and got the de**** function, as well as the ke* from d* too, but can't get anything useful after de****ing it :(

    Hack The Box

  • Got root.
    Feel free to PM me for hints.

  • edited May 2019

    ....need help on root....stuck for weeks

    Missing the ci******** for the d****** function

    Edit: For root, I strongly suggest downloading the application locally, creating your own database and put some print functions around the crypto functions

  • edited May 2019

    Finally after long struggle, i managed to root it.
    special thanks to @Roph @NoPurposeInLfe @goeo @Jiren @Brutef0rce

    Tips here,

    Initial: Please, put more attention on enumerating. If you are lost, follow owasp cheat sheet and you shall find your way in.

    User: once you are in, understand what caused the error, how can you solve the error? what do you need to get in? The forum itself has already given the answer. If it is asking for a certificate, just show him the same certificate, he will let you in. Once you are in, just be who you wanna be.

    Root: Like what @NoPurposeInLfe said, download the application and enumerate it locally would be much easier. Do check out the mailbox at home too, there are some message left behind that would help you.

    Feel free to find me if you need any help...


  • rooted.
    my first insane level box...but learned a lot as this one will force you to do enumeration and google searches.
    PM me if you want help.And please tell me your progress.

  • Hi! I need any nudge at initial foothold in fortune box) or links for reading how to m9ve forward) thanks in advance
  • Found the hashes and on my way to root. If someone can give me a nudge what to look for to solve that.. Been enumerating for quite a while and found nothing except for the c*****.p* , thanks
  • envenv
    edited May 2019

    Hi! I need hint for root, I've found the hashes and the c*****.** and also the .d* file. I've read the source code but I think I miss some part of it, can I have any nudge for it?

    Thank you before!

    Edit: Rooted, fun box! If anyone need any nudge feel free to PM ;)

    Best Regards,

    Hack The Box

  • Thanks a lot for this box @AuxSarge , learned a bunch from it to research more.


  • Finally got root! :+1:

    Hack The Box

  • edited June 2019

    Well can anyone can help me with the ssl connection thing, I guess I have uploaded right certificates, still I'm getting the https page
    I'm always getting error when trying to spawn
    EDIT:- Ok got it nevermind, I was neglecting very small thing
    EDIT:-Can anyone help me to find the source file, please pm me

  • edited June 2019

    Having difficulties with nf****r - trying to do ssh thing suggested by name and getting "open failed administratively prohibited" - not sure if this is the right direction?

    EDIT: I was over-complicating things - thanks @AzAxIaL for the help

  • Logged in as n******r but cant find the way forward. Any hint please. How do I become another user?

  • hey can i PM someone for the ssl bit. i have some files via rce but think im missing something essential to create the client cert

  • edited June 2019

    I'm having no luck finding the "RCE" that is mentioned several times in this thread. If someone could PM me and help out I would appreciate it. I've got some usernames and enumerated all services I think, but I must be missing something obvious because I don't see any way at all to get the remote machine to do anything.

    I love that almost always whenever I post for help I find the answer i'm looking for within about an hour. :)

  • Type your comment> @dr0ctag0n said:
    > I must be missing something obvious because I don't see any way at all to get the remote machine to do anything.

    Focus not on what to get the machine to do, but what you can get from the machine.
  • Looking for root hint, I have the source and have been poring over it but I think I miss some part/info that is important for decryption. Anyone care to shed some light?

  • Type your comment> @gregX01 said:
    > Looking for root hint, I have the source and have been poring over it but I think I miss some part/info that is important for decryption. Anyone care to shed some light?

    The answer is in your question.
  • edited June 2019

    Hi, I need some hint for the "Once you are in, just be who you wanna be" thing ;)

    Edit: Never mind, I got the user :)

  • edited June 2019

    anyone care to give me a hint on this one?
    got some keys, made a cert, opened a site I couldn't access before where again I can generate keypairs..
    but then what...

    ^ never mind... had some stupid terminal glitch messing up my keys

  • Got root! This was a great box :)
    Thanks @Xurfcha and @p3tj3v for hints!

  • guys I need a nudge in last steps for root, got all secret stuff, not sure how to use it for #, needs some hint

  • I used dirbuster and gobuster but was unable to find the directory where I'm supposed to find the certs. Any help would be appreciated (feel free to PM me).

  • Awesome box! My hints:


    • Initial foothold is quite simple, just probe all the params you find.
    • You'll need to RTFM for certs and a****f. Look for the correct format if you're trying to import to firefox.
    • Think about the user's name, enum the related service. Then, try to find a way to read and write to the files you need.


    • As many have pointed out, your best bet is to install the software locally and test. Look for the data that is being stored and compare it to the one you found. Might need some tweaks before you can find out what you need.

    Feel free to PM.

Sign In to comment.