Registry

Very fun box @thek !
Thanks @lukice for the priv esc nudge.

Adding to the great hints already found here.

  • User: think about the title and containers. Did you check what that garbage data you enumerated was? Read the docks!
  • Root: you’re probably right to be thinking about that file you found. Who can run it? What does it run? Read the docs, check the rest :wink: Remember you can serve if you build.

Feel free to reach me for a nudge if you feel stuck.

I agree, this is annoying. I know exactly what to do for root, but I can’t seem to make a connection even for reverse shell (have browser based shell…) could somebody give me a hint? Probably some strange firewall rules…

@idomino said:

I agree, this is annoying. I know exactly what to do for root, but I can’t seem to make a connection even for reverse shell (have browser based shell…) could somebody give me a hint? Probably some strange firewall rules…

Same!! Stuck for two days now. I know everything I have to do and have everything, but still nothing. I gave up on rshell for root, just trying to read the key via wshell.

@idomino said:

I agree, this is annoying. I know exactly what to do for root, but I can’t seem to make a connection even for reverse shell (have browser based shell…) could somebody give me a hint? Probably some strange firewall rules…

Did you try to swap client/server?

Rooted.
PM for nuggets.

Finally!

root@bolt:~#

Now that it’s done, it feels good.

Can someone please confirm that I DON’T need to use the o*A** server on u** 7?

Because I have NO IDEA how to use that :smiley:

Now I got this error

“List(key) returned error, retrying after 27.770234378s: Decode: invalid character”

when I try to back up. Any help?

I’m not able to read iptables just yet, but I can guarantee you that it’s moderately nuts enough to be crushing most of what you are doing (or attempting) with the final steps. Despite having the entire dir, I don’t have the proper access codes.
Sad.

If anyone wants to talk about the end, let me know.
#BeStrong

Spoiler Removed

User down, onto root.

Trying for root. Need nudge please if possible. Thanks

What a ride!
User was relatively easy (compared to root). It took me several hours.
Root - a lot of features implemented just to keep you awake. It took me almost 2 days to figure everything out, as I was not familiar with the technology and syntax.
As other people suggested: read the docs of the thing you’re trying to exploit.

Hint:
For the second user, if you are unable to create a working shell fast enough (it’s possible but kinda tricky), then don’t run, hide.

I’m sure that I have some of the files needed to get to ******.registry.htb, but I’m missing some key files … I think :smiley:

I do not know where to go from here … any help?

Found that it’s a dr r**y but don’t know what to do next. Any hint for user, please?

Finally rooted this sucker.

For root, see the restrictions more as guard rails than frustrations.

WOOO! I did it.

Longest one I’ve done for this noob.

For your thoughts: When you realize you are trapped inside, ask yourself if you really need to leave?

Just got user … someone messaged me on an active SSH session for hints on root :smiley: :smiley:

Finally Rooted. Thanks @0xdaff for the initial hint.

Can someone PM me? I need some help with this box :confused:

Edit.
Now I got the user flag …