Zetta

hmm… it took very long time to b*e backup service with help of np script… yes?
Edit: Its was my mistake. Rewrite n
p script and then got user.
Edit2: Rooted!
Very nice box! Thanks @jkr !

I’m user, got some creds. Get some hidden file as user.
Great ! Whats next ? didn’t noticed anything special in all the file i’ve grabbed from these hidden place.

Can someone give me a nudge in PM ?

Finally rooted.
What a journey.

Really thanks to @jkr for the machine and @bambunz for the help.

Initial foothold: carefully read the web page and see what zetta guys are trying to provide

User: get your hands dirty and break that service

Root: enumerate, you will find what you need.

See you guys.

Rooted, thanks @blink3r for the hint.
It was a long way with custom scripts & mirroring the env itself. The box is hard, so do not expect to read the root flag in 5 minutes.
Everything you need for user is already in this thread.
Don’t even try to bruteforce on the way to root. Better read the “notes” once again & check every single point.

Type your comment> @weelye said:

Would appreciate some hints for priv esc… have user shell.

Seen some g** folders with post*** credentials but it’s incorrect.
Not sure how to proceed at this point, if someone could DM would be great.

Rooted!
Thanks to @clubby789, @naveen1729, @Lu191 and @d4rkpayl0ad

hello !
stuck at the same point :frowning:
could somebody give me nudge please ? thank’s so far

I made it to the right port with the right w::y but now I need to find m***s and cs
for the service on that other port. Any advice, no ready made scripts are working.

Got user but no shell. I need to figure that out.
Fun Fun Fun box!

Got user.txt

Stuck a post-user/root. Also found the incorrect creds and configs. Have an idea of “what” I need to do, but grasping at straws at “how” to get the payload there. Any DM would be greatly appreciated.

Edit: been a trip! Rooted.

WOW… Rooted… Thanks to @Cptsticky for helping me out… HAD A BLAST on this one…

So nice and well thought out box! thanks @jkr. learned a lot of new stuff here.
ps restriction is awesome, felt really uncomfortable not able to see all processes. this is the first time i see such thing on a box.

p****** took me long just because I’m not that good at s** syntax and even worse with this particular syntax. After I got reverse I found out that pentestmonkey got us covered with cheatsheet which would saved me days of reading. Though i don’t regret i haven’t found it earlier =)

@Cptsticky, thanks for the nudge

Finally rooted.

thanks to @jkr for great box. Learned a lot :slight_smile:
and thanks to @Cptsticky and @bambunz for help me when i stuck.

Any hint for getting IPV6 address of the server?
Tricks that I know (both of them, lol) didn’t work.

Type your comment> @joshibeast said:

Any hint for getting IPV6 address of the server?
Tricks that I know (both of them, lol) didn’t work.

carefully read RFC mentioned on the homepage

Finally rooted.
Fight with post*** part, but start working, find i*_a file and his*** pas*****

PM for nuggets

Hack The Box

about r**… how can I get his password? any nudge?

Type your comment> @blay said:

about r**… how can I get his password? any nudge?

man r**** and brute

Type your comment> @v01t4ic said:

Type your comment> @blay said:

about r**… how can I get his password? any nudge?

man r**** and brute

check your DM

Got user…

Special big thanks to @v1p3r0u5 and @clubby789 , you saved my mind…

Let’s try to root this now… scared

Anyone with a hint for IPv6? I’ ve read the RFC a few times but nothing jumps out…