> It's the same. If you can find the user, the pass is near from that. And if you can reveal the user, i think you can reveal pass too. I hope I'm not spoling this.
Aw....I've just found another string that was similar to pass. Now I found it, and on the way to root.
I know I can talk to the stretchysearch using c***. I've enumerated all the indices. I've translated all the text and read everything in detail, as I know the needle in the haystack is key...
I'm totally lost now, I've tried a few different scripts to help enumerate/dump the entire DB, but can't get them to work. Could do with some pointers here anyone, please
I'm on the box trying to priv esc to K. Super stuck here, could someone give me a nudge please? I read something about an LFI, but is this the only way?
Got user... but for root, i am trying to use the L**-vulnerabiility. When I use it the server only "chews". No mattr if i include a reverse shell or a textfile. Isn't this the severity we are supposed to use?
Phew, finally rooted. Don't over think the privesc like I did. Look at what you have, consult the documentation to understand what's going on, google around for some good resources, and then use a debugger to your advantage. PM me if you're stuck and need a nudge in the right direction. Special thanks to @thegoatreich for the assist.
Just got root, as @nergalwaja says, don't overthink it. Just connect the dots.
Special thanks to everybody who gave me a nudge in the right direction. Looking to pay it forward, PM me if stuck or in need of hints. Good luck.
jeez, i'm getting a raw patch on my head from scratching it so hard. user was...meh. nice puzzle but i prefer more "real world" boxes. i know what i need to do after getting user, it's just i can't figure out how. i know what to upload and was looking into a specific CVE but i can't figure out how to execute it. looking through the documentation (which is pretty bad in my opinion, just my 2 cents) didn't get me any further, can anyone point me in the right direction on what to read up on? i'm stuck
rooted. Learned a lot about l******h , especially g**k.
All hints have been already mentioned. If I have to add something about priv esc, don't forget that \s means SPACE.
Would appreciate some help with steps after user. I have been playing with a L** for K***** but when I check ports open the port shown in /etc/k*****/k*****.yml is not running. When I try what the PoC shows on port 9*** it just errors out. Not sure what I'm missing...
Comments
wtf, did someone actually delete user.txt?
We are the things that were and shall be again
Type your comment> @petruknisme said:
Aw....I've just found another string that was similar to pass. Now I found it, and on the way to root.
I have a key I have a pass, I also have a fried brain any nudges on the next step for user and root welcome?
Also, anyone finding the host down a lot?
<img src="https://www.hackthebox.eu/badge/team/image/1805" alt="Hack The Box">
I am stuck with the priv esc to root.
Anyone can PM me with some hints/nudges?
Nearly there I think.
I know I can talk to the stretchysearch using c***. I've enumerated all the indices. I've translated all the text and read everything in detail, as I know the needle in the haystack is key...
I'm totally lost now, I've tried a few different scripts to help enumerate/dump the entire DB, but can't get them to work. Could do with some pointers here anyone, please
Can I get some help on user? I've been using the "rubberband" and I've used _search on b*** and q***** but haven't found anything useful.
Type your comment> @slimz28 said:
Same here - feel like I am as far as I can go without some direction please!
Type your comment> @slimz28 said:
DM I can help a little
<img src="https://www.hackthebox.eu/badge/team/image/1805" alt="Hack The Box">
Type your comment> @mojorisin said:
Haha as soon as I commented, I tried something and that gave me what I needed to uncover the username/passwd.
Hey everyone,
I'm looking for help getting root. Found somethings that I'm exploring but can't really narrow a path to a privesc down.
OSCP | GCIH | SEC+
Type your comment> @slimz28 said:
Have you got near root yet if you have could you give me a nudge I have user
)
<img src="https://www.hackthebox.eu/badge/team/image/1805" alt="Hack The Box">
I'm on the box trying to priv esc to K. Super stuck here, could someone give me a nudge please? I read something about an LFI, but is this the only way?
Got user... but for root, i am trying to use the L**-vulnerabiility. When I use it the server only "chews". No mattr if i include a reverse shell or a textfile. Isn't this the severity we are supposed to use?
Running for OSCP
Phew, finally rooted. Don't over think the privesc like I did. Look at what you have, consult the documentation to understand what's going on, google around for some good resources, and then use a debugger to your advantage. PM me if you're stuck and need a nudge in the right direction. Special thanks to @thegoatreich for the assist.
Just got root, as @nergalwaja says, don't overthink it. Just connect the dots.
Good luck.
Special thanks to everybody who gave me a nudge in the right direction. Looking to pay it forward, PM me if stuck or in need of hints.
jeez, i'm getting a raw patch on my head from scratching it so hard. user was...meh. nice puzzle but i prefer more "real world" boxes. i know what i need to do after getting user, it's just i can't figure out how. i know what to upload and was looking into a specific CVE but i can't figure out how to execute it. looking through the documentation (which is pretty bad in my opinion, just my 2 cents) didn't get me any further, can anyone point me in the right direction on what to read up on? i'm stuck
When trying the K***** exploit, i'm getting a status 400 unrecognised parameter error - can someone nudge me on what I'm doing wrong here?
Ok I'm stupid.
rooted. Learned a lot about l******h , especially g**k.
All hints have been already mentioned. If I have to add something about priv esc, don't forget that \s means SPACE.
Umm, is the s* suid binary that the l******h spits out a rabbit hole ?
Yeah being stuck is being desperate
We are the things that were and shall be again
I have found some B**k details and some q****s ....is this a right path ...how to use this info...
Rooted. The final step needed patience
Would appreciate some help with steps after user. I have been playing with a L** for K***** but when I check ports open the port shown in /etc/k*****/k*****.yml is not running. When I try what the PoC shows on port 9*** it just errors out. Not sure what I'm missing...
Update: Nevermind...
Type your comment> @wish said:
i have same question with you,any hints?thanks
If you stuck, you can PM me.
Can someone PM me on how to get the user k?
Tried enumerating, running pspy and even looking at online documentation.
Found a CVE but unsure how to get the syntax right
Cheers
I quite liked user, I learned a few new words :-).
Root was believable... kinda.
Good box.
OSWE | OSCP | eCPPTv2
I rarely check private messages, if you do ask for help, show your workings. I don't reply to wall posts.
Type your comment> @Nick said:
nothing yet........
Type your comment