Fortune

Great machine, although user was a bit too easy, but very fun…

Need hints? PM me.

I’ve got user, and I think I’ve got the info I need for root. When I run the appropriate function I get unreadable text out. Any nudges?

I’m having no luck finding the “RCE” bug. If someone could PM me and help out I would appreciate it. I’ve got some usernames and enumerated all services I think, but I must be missing something obvious because I don’t see any way at all to get the remote machine to do anything.

Edit: Oh thanks, I found the bug :slight_smile:

For those struggling with root, what helped me was going to GitHub and reading the source for p***n. No cracking required, no need to install locally. I did copy bits of source code to run locally. Make sure you have the hint from B in hand first.

Feel free to PM for hints.

I’ve got root, but I don’t understand: why is the key hh? I think that I needed p****d

Can anyone help me with where I can start?

Nice box, made it way too difficult for myself on the root part xD

Hi Folks,
Need your help. I managed to log in to the lower port via ssh as nf*r. Trying to mou but it failed with an error, “failed admnistrator”. Could you please help me with some documentation for the same?

@pawanjswalhtb said:

> Hi Folks,
> Need your help. I managed to log in to the lower port via ssh as nf*r. Trying to mou but it failed with an error, “failed admnistrator”. Could you please help me with some documentation for the same?

Are you using sudo and/or are you root on your own machine?

I got user, but can’t seem to find this thing everyone is trying to decode. Anyone wanna nudge me in the right direction?

@mech said:

> I got user, but can’t seem to find this thing everyone is trying to decode. Anyone wanna nudge me in the right direction?

In the home of the user, there’s another file. Its contents tell you what you need to look at to start.

I’m in the next step… Think I have the things to decrypt, but can’t find the encrypting algorithm… If someone can help, would be appreciated.
I tried to crack’em with john but no luck either.

@ompamo

I have seen the file with the hint, and checked out the thing it’s referencing on the other port, but I can’t seem to find the hashes everyone is mentioning.

Finally rooted, thought I’d give it a try after going through the active easy boxes. Learnt a lot, especially as web isn’t really my thing. Interesting box that I enjoyed a lot. Thanks for all the forum hints, they really helped!

rooted. What a box @AuxSarge !

Hi, I’ve got the initial RCE but am struggling with the intermediate CA stuff. Any chance I can PM someone for some pointers?

So sad this box is retiring this weekend… It was my favorite one on HTB :disappointed:

Looking forward to Rope though with high hopes! :slight_smile:

Can anyone help me with the certificates!
Or is there any other way to get the user?

@D1r3Wolf said:

> Can anyone help me with the certificates!
> Or is there any other way to get the user?

I’ve used curl with the appropriate flags.

It was so cool to pass it a second time. I passed it for the first time many weeks ago and it looked like new the second time. But the second time I passed it much more quickly. Hence HTB practice really improves skills :)

@Heyder said:

> I’ve used curl with the appropriate flags.

Thank you

got the user
Trying for root