Neat. Apparently now instead of looking to see whether there's a "1 New" badge to know whether there are new questions, I should instead check to see whether it doesn't say "Most recent by sh13ld". Useful stuff.
The script outputs "successfull.y", but it is nowhere to be found. I've PM'd people to know the location and it's not there.
Any idea what I'm missing?
listening on [any] 4444 ...
connect to [10.10.15.34] from onetwoseven [10.10.10.133] 54286
root@onetwoseven:/# whoami
whoami
root
root@onetwoseven:/# cat /root/root.txt
Can't believe I did it. As a piece of advice on root, you might pinhole yourself into thinking it could be an input validation exploit and even going as far as to follow a certain guide on how to do it. Instead, think about how the box is configured and how you can work that configuration to your advantage. Is there any way to fool the machine into thinking you're something it looks to as a source of information?
Forty-three years later-
This machine is the sickest and I mean that in the kindest way possible.
Max-respects, @jkr
You need anything. Please write me.
I'll do my best for you.
Does anyone have any solid resources/articles for the repo part? I have read through several and am really struggling. I have wget resolving, I have signed .deb and everything else. But I simply cannot get the target to pull ANYTHING with a**-g** u*****. pls hlp.
EDIT: PEBKAC - I was tilted and serving from the wrong directory.
I can pull packages but they get "held back" at a later step… respect and beer given to anyone who helps me.
EDIT again: My GOD. What a doozy. I learnt an incredible amount. Probably the hardest yet most rewarding box I have done so far out of everything I have seen here, in vulnhub and in the OSCP labs.
Having issues getting my tunnel working properly. Can't access the a**** page. I just keep getting forbidden. Can someone please help me with my syntax issues because I feel I am on the right track based off this thread.
Hello
I'm stuck at the root part. I got the successfull.y message, but I don't know how to find the file. If someone could help me or give me a hint, that would be nice.
Stuck staring at the Admin login for the last 2 hours.
Read the entire forum, and can't find the "file".
Edit: I'm in. Now stuck at upload part for 2 days.
Edit: On to root…
Woof, I feel like a fool. Can anyone PM me with a nudge? I have the initial s*p access and managed to find some creds with mls, but I am totally stuck on actually getting access to the high port. I understand tunneling is involved but I can't see how I can activate it with the privileges available. Thanks!
EDIT: nevermind I figured it out. To anyone else also having this issue: make sure you actually understand what you're doing with the tunneling command, read the docs.
Check if you do not suddenly have two tun interfaces on your Kali. If so, restart your machine, not the server.
I didn't check to see if I had more than one tun interface but I did reset my machine. I walked away a couple times and came back fresh throughout the day.
Folks, you don't have to reset or reboot your machine for the tunnel issue. You can just kill your VPN tunnel with "pkill openvpn" and it will remove any openvpn you have established. Every time you connect to hackthebox, a new interface is created starting from tun range 0, and if you establish another VPN, then you have tun1 & tun0, which then makes it hard for the system to find its gateway. So just "pkill openvpn" and re-establish your VPN.
Finally rooted thanks to @siryarbles . Here are some hints that may help:
User: Everything you need is in this forum. In the upload part try to understand how the machine is processing U-Ls, what process first and what next and how htaccess works. Read the code carefully and check ad's headers from examples.
Root: If you have already found this blog about a-t M'M is the right one. But you will have to do some changes. First, a-p sp'ing is not going to work. Remember network layers… There is a var that a-g uses in some cases. You might have already seen it with s' -l. You don't need D-S sp'ing either. Just give to the box what it requests. You can use the same thing you found in that var but in your side. After that just read outputs and fix trees.