• Type your comment> @jayjay25 said:

    Any help on user? I've looked up infoblox rmi and can execute commands through the script, but they run as w-d instead of p****** as I'm executing the script... I'm missing something simple here?

    Try privesc to user p****r with the most used method on Linux. It'll run any command for you as that user.


  • Got root :wink: PM me if you need help

  • Could use assistance with root, I see the s*****.**l but I don't think I'm running the custom service I made?


  • finally rooted! thanks a lot @LordImhotep

    anyone need a nudge PM me


  • edited August 2019

    Finally rooted, really liked that box as it taught me lots about Priv-Esc (not all applicable to that box, but when doing research you stumble across that goldmine of info on Linux PrivEsc).

    Generally a straightforward box, well done, thank you @manulqwerty & @Ghostpp7

    Also thanks to @Gn0m3h4ck3r for the help!


    OSCP | CEH

  • edited August 2019

    I have got a reverse shell in w**-d*** but can't move to p**** and read the .p* file....

  • rooted. pm are welcome.

  • Finally rooted. Thanks for all the very good hints! Learned something new again.

    Tip for root: copy your public key into authorized_hosts and just ssh in. I was unable to modify the system administration stuff from my reverse shell. I ssh'd in properly, and the same exact steps worked perfectly.

    This is such obvious advice but I didn't think of it. It makes everything so much more comfortable.


  • Finally rooted. Nice box.

    Thanks to @S7uXN37 and @a1mops

  • nice machine. root was cool :smile:


  • Rooted!

    Nice box :)


  • I am stuck at w******a. At Si*****.*y I tried to run a command as user and inject a command in parameter -p, but it's not working because of the forbidden ch***
    Any hint?

  • Just rooted the box but I feel like I did it in an unintended way. If anyone wants to discuss the solution or need some help, PM me!

  • finally got there and ranked up :)


  • Fun box. Learned a lot. :)

  • Stuck on the filtered command, searched everything on Google but still can't beat "got you"

  • Finally root.... Thanks to @Bond-o and @Dnina for the nudges and guidance....

  • That was an excellent box. Learned quite a bit from the process about tools and resources. User had me stuck for a little while after making no progress with character encodings, environment variables and python3 :)

  • I got the user, but I am trying for root. Can you give me a hint?

  • Rooted with some hints in this forum, but still not sure about everything. Can anyone explain to me why the full path of s*******y is important here? Why can't I just type in the file name only when I'm in that directory? Many thanks!

  • edited August 2019

    I've gotten on as the web server, and found a certain script, and looked at the sudo stuff, but I keep getting prompted for a password whenever I try and run the script. I can't figure out what's wrong. Can anyone nudge me?

    Edit: NEVERMIND, I read the man pages closely :)


  • Type your comment> @snox said:

    I got a shell as w**-***a user and I have found s______.py but I can't bypass those forbidden characters! I really have no clue what other characters I can use to accomplish what I need to :-/
    Can anyone point me in the right direction?

    dm me

  • @tomteng : It's how it is defined in the sudoers file, the binary will only run with the modified permissions when called exactly as described in that file, for security reasons. Sometimes you might find wildcards being used in the path description which you can leverage as well, although that's not the case with this particular box.

  • I can't get the LFI to work at r*.p&***=.
    I've tried everything I know but nothing seems to work (n00b here).
    Could anyone give me a hint for that?

  • @sn4k3r1tu4l : Perhaps it isn't an LFI, but a different type of vulnerability?

  • Rooted... Very good and straight box, thx @manulqwerty and @Ghostpp7
    PM me if you are stuck and describe in detail what you did and what you have!

  • a simple hint,
    enumerate GSUIDs

  • Pretty easy but fun. Seemed like there were a lot of different ways to accomplish things.

    If you PM, please include the steps you've already taken. Don't forget to hit the respect button!



  • Pfew, got user after some hours :tired_face:
    Let's move to the esc xD
