Writeup

Ready for a nudge, can someone PM please?

Type your comment> @HoodedFigure said:

Ready for a nudge, can someone PM please?

i got some creds from S*** , but i don’t know how i can use them , i tried with a****
but nothing useful

any hint please , i’d be thankful

Type your comment> @BashShabakate0 said:

Type your comment> @HoodedFigure said:

Ready for a nudge, can someone PM please?

i got some creds from S*** , but i don’t know how i can use them , i tried with a****
but nothing useful

any hint please , i’d be thankful

Consider using the creds on other services running on the box.

Type your comment> @HoodedFigure said:

Ready for a nudge, can someone PM please?

Rooted, thanks @pkaiser for the nudge.

Oh man, that was a clutch root.
Feels like doing parkour in cyberspace.

This box was pretty fun. User was super Hollywood, and honestly so was root.
Use the tool, watch what happens when a connection occurs, dig into that.
It’s a classic B&S. Just gotta travel down the right path :wink:

DM for for juicy nudges. Lmk what you’ve done so far tho, don’t wanna spoil anything.

rooted. Did anyone get root locally without having to resort to using nc/msf? I would like to hear how you did it.

PM for nudges.

Type your comment> @1NC39T10N said:

Very nice box @jkr .

Root is tricky to find if others are not on the box IMO. Use the tool already mentioned to monitor processes, but generate traffic to the box while this is running using the VERY last step needed to get user. Observe the process, and consider how to leverage.

Just got root. this comment makes perfect sense now lol thanks @1NC39T10N for the hint

I got the hashes using a certain exploit but can’t crack it. I’ve used hashcat/john but nothing worked. Am I missing something?

Edit: Silly me, I didn’t read the script. Got user :slight_smile:

I didn’t need to change any parameter in the exploit and I found a username ,salt and all, am I in the right direction?

Type your comment> @tripster98 said:

I didn’t need to change any parameter in the exploit and I found a username ,salt and all, am I in the right direction?

um struggling with the same problem, but I just saw something interesting. working on it. Just look carefully of that exploitation script you found…

Type your comment> @tripster98 said:

I didn’t need to change any parameter in the exploit and I found a username ,salt and all, am I in the right direction?

Yes you are. But make sure, that you get the same username, salt and … in each run of your script. If that is not the case, you have to change something.

I got user, but can anyone give me hints on privillege escalation for this box?

Very fun box. Privesc took a bit too much because of “slow traffic”.

PM me if you need a nudge

Got root, got a bit rabbit holed as i used the wrong priv esc ‘name’. Feel free to PM me with where you are stuck at, always willing to drop tips to guide.

Type your comment> @hoodedfigure said:

Type your comment> @BashShabakate0 said:

Type your comment> @HoodedFigure said:

Ready for a nudge, can someone PM please?

i got some creds from S*** , but i don’t know how i can use them , i tried with a****
but nothing useful

any hint please , i’d be thankful

Consider using the creds on other services running on the box.

i tried with ad*** and ss* , but they don’t work !!!

Rooted! Big thanks to @amra13579 for keeping me from wasting hours on a rabbit hole.

Honestly, highly recommend reading through this thread. There are plenty of hints for both flags. But if you get stuck feel free to PM me, always happy to help.

Could someone pm me a nudge for root? I think I’m close just wanted to double check if I am on the right path.

New to HTB here. Tried a few things nothing yet. Do see the other the server, and service. Tried a few exploits on site, but no love. Tired Metasploit, no love either. Just trying to get user at this point.

Can anyone give me a tip on wordlist for hash cracking?

Found an exploit, but just hangs my kali box. Gonna move on to an easier box. This is one is way over my head. I will wait for it to retire, and read the write up…