Heist

Hello @ll! somehow i get to login so i got ps> but could someone guide me a little what should i do next ? that’s my first steps in hackthebox and im so much confused right now. But that’s great way to learn.

Need help for root, I have dumped the process needed. How would I retrieve the file out from the machine?

Rooted,
PM me for hints.

I have found 3 password (1 in cracking) and 3 username from c*****.txt, and more than 3 open ports. Plz PM me about what should I do next?

Wow 4 hours trying to figure out how to get more users wanting to do it myself. Finally saying screw it and asking for help. Pasting my syntax and instantly noticing the issue. A LOT of lost time for a simple mistake… Word of advice look it over… DANG

Got user. Now onto root.

Finally get ROOT!! Feel free to PM me for hints.

Spoiler Removed

Получил рут, если кому нужно подсказать куда идти пишите пм
Root it, thx for hints

I’m a little stuck on privesc… I’ve dumped the process from i***x then searched the results, but I couldn’t find anything…I think I’m searching with the wrong pattern or didn’t provide the right arguments to get a good dump file. I could use a nudge please.

Guys, thanks for all help! first ever user :slight_smile:
Really enummerate and that jewel script made my day :slight_smile:
now going for root!

Spoiler Removed

Rooted, easy machine.

What does the fox say?
“Ring-ding-ding-ding-dingeringeding!
Gering-ding-ding-ding-dingeringeding!
Gering-ding-ding-ding-dingeringeding!”

PM for nudge :cheers: :smiley:

Thanks to all of you, I got it. Learned some new tricks so mission accomplished. Good box. As usual, lost time on unnecessary things but ultimately got there. The hints are all there in these posts and are always fun to decipher. For root, Stumbledore’s link is solid but the keyword may not be exactly as advertised. Try searching for a more complete word than the securityonline link uses. Although that’s the way I went, there are at least 2 other ways without using p***D.exe. I enjoyed the box.

Available for nudges.

Also just curious, can anyone explain why a lot of ps1 doesn’t work? Is it just me or defender or something else?

Been hunting the animal but cant find something useful on that process. It seems i have to tweak the options?

btw: anyone found that weird xss?

Type your comment> @zfyra said:

Any hint to crack secret 5 pass?

hashcat64 does in less than a second, need to know type as well as ‘rock’ the correct wordlist.

Dam*iiit! Props to @0x71rex and @mike008 for that push.

Type your comment> @govsec said:

Dam*iiit! Props to @0x71rex and @mike008 for that push.

Way to go mate.