onetwoseven

Feel kinda lost on getting root after nailing user, if some hero could point me in the right direction via a resource to read or a hint would be greatly appreciated. Feel free to PM

Someone could please help with root? I did everything i found in a tutorial but i dont know if i am doing it wrong or i dont know. I know what to exploit, how to exploit but i cant do it.

Hey, could someone PM me a hint for the S**T part ? I tried every command but nothing succeeds …

I have that local high port reachable from my box … get everything 403 Forbidden, what am i missing ? I know to where i have to go, have the credentials also, but that 403 … help ? :stuck_out_tongue:

Awesome machine, had a lot of fun even tho I felt frustrated sometimes. Thanks to @ZerkerEOD @kr0gh @xdaem00n and @r4w47 for the tips. I want to share some tips so people don’t struggle as much as I did :

  1. The website gives you creds so log into the secure service
  2. Once you’re there ask for help so you know what you can do. Don’t focus only on this service since the secure service interacts directly with the web service (Don’t forget your punctuation :wink: )
  3. Retrieve interesting files, specially one with a strange extension
  4. Tunnel time (There are a lot of resources out there about this topic)
  5. Log in and read the code of all the files. Inspect the grayed out element and make some changes, upload your file and get a shell.
  6. Root time. This is the hardest part yet the best. You’ll see that you can run some commands as privileged user. Google it and don’t overthink it.
    Have fun (If you think this post has spoilers feel free to report it)
    Hack The Box

Yes, it was long and hard trip for root.
I did not make the last step correctly and checked up for many hours my environment.
Read a lot about Linux repo structure and files, a lot of theory and details.

I would prefer not to learn of course so deep but you do not know which small step is necessary to pass the challenge. And I praise myself that I did the last small step by myself.

And many thanks and big respect to all hackers on the forum for all hints and recommendations.
And hats off to those pioneers who could pass this box on the first try.

Can someone please help me getting user? PM me

Can somebody give me a hand with the a**-g** up**** vector?

I’ve got everything setup, it looks like the right files are being retreived but the command does not exit without errors.

a-g up**** starts asking me questions if I try to pass -o, and it seems to ignore A**_*****G despite what the documentation claims. I know what needs doing, just shaving yaks at this point, PM me if you’re feeling generous and want to drop me a hint.

Can’t login through s**p service using the creds machine gave me(working yesterday)… Someone changed passwords and username?

I am completely lost on this one! I have SFTP access… i can “proxy commands” using a SFTP flag but i can’t figure out how to tunnel correctly since i can’t get direct ssh connection!

I’ve even tried a tool i’ve used before, ch**el which helps with tunneling, and i was able to get it working, the client connects to my server but still cannot access the high port :-/

Could someone PM? I am really lost a the moment :frowning:

Thanks

I have finally rooted it. What a box, epic, terrible, painfull, long, wonderfull… Thank to @bullsonparade , @m4xp0wer, @sv1 for their valuable hints and support.

Looking for a nudge on a**-g** vector. Also, I think I blew by user flag =/
I’m working with the shell after plugin upload. Any help would be greatly appreciated.

PS: i linked /etcTill now i have the SFTP creds, and i am able to upload files and view it in the browser. Also I have tried linking a few files and accessing it. Succeded. But now i am kinda lost. I don’t know what EXACTLY i should do./passwd to see the list of all users.

any nudge?

and here i came across something unusual. it seems that you just can’t include /etc/ p a s s w d in comments

remove spaces in passwd

that was funny, lol. however any hint from here on?

can someone pm me some hints on root part?

Can I get some help on uploading the P*P shell via the admin page? Maybe I’m overlooking something I should know, but I just can’t figure it out.