• I am having a very hard time figuring out root. Have been messing with it for the past couple days. I’ve managed to spot some processes that are of interest but I just cannot figure out to make them work towards my advantage. Any nudges will probably help. Losing my mind!
  • Rooted, nice box... Pretty user and subtle priv esc


  • Shout out to the guy that wrote the Exploit DB script for a service on this box

  • edited July 2019

    My god root on this box was such a pain in the arse - and it really didn't need to be whatsoever.

    The hint I found most useful was:

    PATH has a priority, binaries are looked for in the PATH from most preferred to least. I think left to right...

    With that in mind, you can make a binary sort of.... skip the queue? and that binary can do something evil :smile:


  • got the user flag and am now stuck at root. I see writable directories, looked at what binaries ran but can't find a way to replace one or "jump the queue". Any tips?

  • Just got my first user flag on this. Ready to try and jump on the root flag tomorrow or later tonight.


  • Can anyone help me a bit with root? I read the comments and I understand the priority of the PATH. I also got p**y running and see the tasks but can't get an escalation...

  • still stuck at root. tried to follow the forum hints, anyone can PM?


  • PM me if you like
  • I have a remote connection to the file system but it keeps crashing, is this due to someone exploiting the thing I'm currently trying to figure out to get root?


  • Ok, I have a question. I rooted the machine, but it would be impossible for me without reading this topic. How you guys come up with the idea like "oh, lets take a look at p********s and then take a look at $P*** and so on to get root"?

  • USER OK, but root.... impossible... I can not find any exploit for it, not for M****, not for ****2, is my first machine, everyone say "It's easy", but I really dont think so... After many hours I m a litte bit... desperate, what to do with C***** or with the rest of the proccess? Who knows...

  • Can I PM someone for help? Maybe I'm trying to run the wrong script, but I repeatedly get nothing when trying to find the salt...

  • Finally I did it!!! I hope there are not so much machines to use c****** like this...

  • Rooted.

    User - Find the webpage by using our mechanic friend and then find the relative exploit, personally I never messed with the time variable and for cracking the salt/hash I saw a useful hint on here that stated use a ‘famous kali word list’ and I can confirm it works.
    Using the creds you harvest? How did you find out the box had a webpage?

    Root - Get a tool that shows background processes and watch. If you’re on VIP, generate traffic yourself, public? Just sit and watch.
    After that, find out what root is doing upon traffic being generated and try exploit that.

    And for the love of god please if you put root.txt in /tmp fucking remove it after you’ve copied the flag!!!!

  • Rooted! My first root on here and would have been much sooner if I'd not missed the first 11 characters from something.


  • edited July 2019

    Oh man. I just spent so much time trying to crack the password with hashcat before taking a second look at the exploit script. facepalm Anyways, finally got user. Now on to root.

    EDIT: Rooted. Feel free to message me for help :smiley:

    Hack The Box

  • First timer here. Anyone able to nudge me regarding the TIME value? Also not sure if a wordlist is necessary for the exploit.

  • Rooted this one as well.

    god damn this hellish machine!!!

    user - is relatively simple machine wappalyzer will help you out on getting what is running on the website so you can attack it, but remember sometimes credentials are used somewhere else.

    root - there is a place where you can write that you shouldn't be able to, that's what will get you root, just use some enumeration scripts to find out where.

    Good luck.

  • Any Hints For Root ?
  • edited July 2019

    Depending on the try, I don't get same results with exploit. Two of them are "looking good". Can anyone PM me to see if my hash is the right one ? Coz' hashcat doesn't seem to recover it :disappointed: Thanks

    EDIT: so stupid, thanks for help with user @sayanthanpera @Celesian, on my way to root now :smile:

    EDIT2: got root, loved it, thank you @jkr :smile:

    Hack The Box

  • Hi All, newbie here :) could somebody help me (PM maybe?) how to enumerate paths on port 80? Having a really hard time finding the right techniques...

  • Type your comment> @idomino said:

    Hi All, newbie here :) could somebody help me (PM maybe?) how to enumerate paths on port 80? Having a really hard time finding the right techniques...

    Nevermind, found the CMS :)

  • edited July 2019

    Man this forum is awesome! That being said, I've got the salt the passwd and i have got a clear text paswwd that somehow doesn't work on /W*****/****n, am I missing something, any hints or corrections would be great :)

    Well, stupidity is a mind killer, got it. Onto root. Engage.


  • edited July 2019

    Stuck at getting user, the script keeps giving the following error:

    requests.exceptions.ConnectionError: ('Connection aborted.', BadStatusLine('No status line received - the server has closed the connection',))

    Has anyone else experienced this?

    EDIT: Using correct URL fixed the problem. derp

  • I've been sucking at this for way too long. I see the exploit, I am on the right PATH but the process is ignoring my advances. Any tips?

  • Rooted. My first box so I definitely used a lot of the hints on here. Learned a lot though, will be better prepared in the future.

    The hint that helped me most with root: "Maybe you can't read but you can write?"

    I would appreciate it if someone would teach me the technique of spawning a reverse shell via this exploit. I got the root flag but reverse shell seems more professional.

    Message me if you need a nudge!

  • Type your comment> @ayayron said:

    First timer here. Anyone able to nudge me regarding the TIME value? Also not sure if a wordlist is necessary for the exploit.

    PM me

  • That last exploit was really winding me up. I noticed the vector almost immediately however exploiting it proved to be far more challenging than I had expected. To those stuck in a hole i say - it's not Eeyore's fault.

  • edited July 2019

    Finally got root! If anyone needs hints just DM me! :)

    profile: https://www.hackthebox.eu/home/users/profile/114435
    discord: Celesian#0558

Sign In to comment.