Swagshop

wut-oh got in and booted out… that was quick… it’s like a mess of tabs in there… geez…

Type your comment> @dm7500 said:

So I got user, but I’m stuck in a w…-d… shell, with no tty. LinEnum shows me the path to root, but I can’t run anything as su because I don’t have tty. I’ve tried Python, but it’s unavaliable. I can run bash -i, but it still doesn’t give tty. I’ve tried uploading socat, but no go on running the executable either.

Any help?

EDIT: Rooted! Just because your favorite TTY shell upgrade doesn’t work, doesn’t mean a newer version won’t :wink:

@dm7500 said:
So I got user, but I’m stuck in a w…-d… shell, with no tty. LinEnum shows me the path to root, but I can’t run anything as su because I don’t have tty. I’ve tried Python, but it’s unavaliable. I can run bash -i, but it still doesn’t give tty. I’ve tried uploading socat, but no go on running the executable either.

Any help?

EDIT: Rooted! Just because your favorite TTY shell upgrade doesn’t work, doesn’t mean a newer version won’t :wink:

I am struggling at this section now as well. Help would be appreciated. I want to buy some swag too lol

Finally rooted the box, thanks @ch4p for the box.

Type your comment> @andrhtb said:

guys, how did you upload shell to admin? via connect?

Yup, btw there is one other way also to upload the shell look on google for an exploit that came out this year only.

Why does this box keep getting reset? So frustrating :frowning:

edit
Ohh, people 503’ing it… great.

Can someone point me towards the credentials? I did a Wfuzz on all my dictionary files, and looked for the most common extensions as well. Gobuster also gives no love.

If someone on here can help I can current on the admin page trying to do a reverse shell. PM me!

Can someone please pm to discuss this up to user? I got user.txt but I believe it was because someone else activated the sub menu item through the thing i cannot figure how to install.
Note: I did not read anything on the forum in order to not spoil what I should do

Fun box. There seems to be quite a few ways to get user, seeing a lot of people suggest a script, but I couldn’t find it. I ended up getting some RCE. Feel free to PM if you need a nudge in the right direction in this box.

uhm i need invite to htb disocrd

Type your comment> @Mumbles said:

Can someone point me towards the credentials? I did a Wfuzz on all my dictionary files, and looked for the most common extensions as well. Gobuster also gives no love.

Sometimes you need to create your own.

Hey thanks for the help guys on getting usr…if anyone wants to help with root would be much appreciated

Got g(root) and ordered my swag YES!!!

can anyone please tell me why i’m not getting full admin creds? i’m able to log in but it doesn’t give me full access… i think b4 i accidently piggy backed someone much smarter than me :frowning:

Any hints on root besides “back to basics”. Am I on the right path with v*?

Very neat box with an awesome payoff in the end. Thanks @dfgben for the sanity check!

This was the box that actually pushed me to go VIP. Once I did, my initial exploit to get admin access worked every single time. Before that, for whatever reason, it was at best 25% successful. No idea why this would be.

If anyone needs any hints feel free to PM me.

EDIT: @1N53C You absolutely are. Read your ‘-l’ output very carefully.

EDIT2: Been using a Commando VM with Kali running via WSL - anyone else using this setup? It’s been working incredibly well for these challenges.

Everyone’s saying that getting root is simple…but I’m kinda stuck…could someone please help me out !

Thanks lattethunder! :slight_smile: Good to hear that I was right so far

Type your comment> @deathflash1411 said:

Everyone’s saying that getting root is simple…but I’m kinda stuck…could someone please help me out !

Same… I’m not seeing it either. Been on as user since 30 minutes of release. I guess I’m dumb.

Edit: Yup I’m dumb, I had all the pieces just needed to figure out how to put them together. Thanks ixxelles for the nudge!

Edit: double post