I already have the sec login ssh and got user.txt
but no idea for getting the root.
How?
It was hinted in this forum before: there is an LFI vulnerability in this version of Kibana. Try to search for it on the web, you can elevate from sec****y account privileges to kibana user account first, from there you can craft a reverse shell and from there work your way to root.
I was able to switch to k***** once, but the second time, when I tried to understand how I did it, I couldn’t reach the corresponding port. I wish I had continued my first attempt at root :D
This is my first HTB! A bit more challenging than I expected.
Can I get a nudge/PM for root? I currently have a shell as K*** and I see a certain L***H input file/dir that looks promising but not sure what to do with it.
TIA, have a great day!
Ponder what L…H is. What is it used for? What would you expect such a thing to do? Where would you expect configuration for it? Read that. Find out what it means that you see in there. Google the things that are configured and find out what they do.
I’ve got an initial user foothold but having trouble changing user from there using found CVE, wondering if I’m even going the right direction. Any pointers via PM would be most welcome.
Finally got root. For me the number of browser tabs to close when done is a decent measure of difficulty. 14 tabs at the end of this one. Not bad!
Hints are good - lots of discussion. I will say the syntax for the final challenge bugged me - I guess there are some things I don’t care to learn - but renaming the file after modifying and waiting was key. Seemed like the shell came out of nowhere while I was trying other things. Reflecting on the steps - I can see how the Spanish adds some confusion/misdirection I could’ve done without. It was a worthwhile challenge but I’m happy to put this one behind me.
First ever box I got rooted here (out of the school lab). I can say it is a mind ■■■■ in the beginning. That’s why I will try to give a hint without spoiling anything.
User: I would really take a look at that pic. I mean the name of the box suggests that this picture is not there by accident. So take a look at it. BTW jpgs can be opened with other programs so give it a try. After that enumerate to find some creds that will be really helpful. Also the language in this box is of big importance. PMs are welcome.
OK, I am really struggling at the last hurdle here.
I have a ka shell. I am in o**/ka. I am creating a file lh_ with a reverse shell. I thought that this would be parsed by GA:c**o and would be executed.
Where am I going wrong? Help
EDIT: Decided to try just one more thing. Got root at last. Happy.
Really, if that was an easy box, I am Elvis Presley… I had to read a lot until I found the way to root, the user was tricky for WEEKS… I cannot imagine how a hard machine will be… bufff