Hint for HELP

Have got the root and there are two files ur.txt and r*.txt. Are those credentials? How to decipher ?

Type your comment> @chava said:

Have got the root and there are two files ur.txt and r*.txt. Are those credentials? How to decipher ?

Those are the flags needed to claim the points…

guys Im getting an error running the python script 4*3** where it says syntax error on line 42 “if len(sys.argv) 3” can someone PM and give me some guidance? thanks

usage:
python 4*3**.py http://10.10.10.121/s*****/u*****/t*****/

Got the user through the upload way, anyone got the idea of the higher port? I have tried to view the src but not getting anywhere is forging the exact query.

I have user.txt and reverse shell. Box is unstable or something. Anyhow, can’t get exploit to compile…help :tired_face:

EDIT: Rooted. I had the same issue another person had. Didn’t realize I had the shell :stuck_out_tongue: Doesn’t make itself apparent until you start entering commands.

Type your comment> @seventhirtypm said:

Got the user through the upload way, anyone got the idea of the higher port? I have tried to view the src but not getting anywhere is forging the exact query.

If you can get user through the upload way, you can get root. Why not upload reverse shell and go from there?

Rooted. someone said there’s a privesc without using exploit, ran a couple of normal tests and 1 thorough and dont see anything interesting, probably just super tired, but still, if anyone has an ideea, dm me. also 2 interesting ports on localhost, anyone tried anything with those? thanks

Rooted. Manage to do it the low priv upload way + sync clock. I just assume the version of the app is low enough. Despite not being too important, can somebody pm me how to enum the exact version of the app ?

Hey all, rooted this box some time ago but without ever touching the 3*** port. Would someone mind going over it with me? It’s a skill I’m unfamiliar with but would love to add to my toolbox.

Thanks in advance!

anyone on the other privesc without exploit? dm me thx

anyone on the other privesc without exploit? dm me thx

Type your comment

lol did it on some other machine thats why it worked. so my post is still up for any privescs without exploits

i lold at myself so hard

Finally got root on this. As a newbie, user was easier than root for me b/c the service to exploit seemed pretty clear. For root, however, I was kind of directionless and expected it to be harder than it was, and ended up overlooking something basic… Once I realized it, the exploit was easy and took like 15 minutes.

Edit: for User, I saw lots of people recommending to look at the source code, but I didn’t find that helpful (I don’t know the language tbf). I think the easier path using a proxy like Burpsuite to monitor requests.

Wrong timezone was the cause of my frustration. After resolving that, everything else was basic.
TIP.
User ==> Sort out time zone.
Root ==> Do NOT overthink it. Should be one of the 1st things you check when getting any shell.
Challenge can be completed by using Kali’s Searchploit.

PS. My 1st comment. Hopefully no spoliers

Finally rooted the machine. It was quite easy after I realised most important thing is in source code. No, I am not talking of any credentials ?

Feel free to ping me for hints.

hello everyone!

i could use a push in the right direction with this box… i’m not exactly sure how to go about it… i have an idea tho and i dont wanna put out a spoiler… so could someone who wants to help a newb pm me plz? thanks…
HTB is a good group! thanks again!

Type your comment> @FlewManChew said:

hello everyone!

i could use a push in the right direction with this box… i’m not exactly sure how to go about it… i have an idea tho and i dont wanna put out a spoiler… so could someone who wants to help a newb pm me plz? thanks…
HTB is a good group! thanks again!

Did you tried directory brute forcing. Why don’t you look at dirsearch. It’s an amazing tool.

Pm me if you are still stuck.

thanks for the help guys!
now if anyone wants to help with poppin root action … much appreciated… i’ve tried a bunch… seems like i’m going in circles

Type your comment> @FlewManChew said:

thanks for the help guys!
now if anyone wants to help with poppin root action … much appreciated… i’ve tried a bunch… seems like i’m going in circles

im not being rude but it seems that you want others to hack your boxes using your fingers ? its the most basic enumeration ever, if you cant figure this one out … question mark