Registry

Finally rooted!

User: was a walk in the park, just look around and be curious.

Root: Real challenge is here lol. Had to hop many hurdles in order to get the root flag.

P.M for hints friends :slight_smile:

I finally can go to sleep after getting the flag

Rooted (!) - what a journey. Some steps towards root were frustrating but in the end I really enjoyed this box, learned a lot.

PM for hints.

Great box! I learned about a very useful backup tool, which I plan on adopting.

Amazing machine! @thek I’m impressed by how you could come up with such a machine! A lot of stuff, I learned a lot too! Thank you for coming up with this!

And a huge thanks to @jrgdiaz who took my head out of the dirt when I was stuck with what should be common things! Now I can get some sleep too!

Thanks a lot guys!

OK, should I be able to access the API via the vhost mentioned in the crt?

Finally rooted! :smiley:

Big thanks to @hackerB31 and Ravenforce for the nudges on this one.


root@bolt:~# id
uid=0(root) gid=0(root) groups=0(root)
root@bolt:~# whoami
root

root@bolt:~#


Some hints:

USER- If you are having issues with your shell not displaying output once connected, the best tip I can give would be K.I.S.S.

ROOT - Research the obvious, then DIY

Can’t get the d***** p*** to work, found the ma*****t and Di**** but still, could someone PM me a hint pls?

I rooted this yesterday after several hours. I have no idea if I did this the intended way. I leveraged the command found in b*****.**p after searching through documentation for hours. Anyone who has rooted it also mind sharing with me how they did it? From what I’m reading here, I don’t think the approach I took to get there is what others did.

Edit: Yeah, I definitely didn’t do this box the way that most people are, I overthought it. Still got root though. If you want to solve it the way that I did, when looking at the command you can run, read into all the different types of targets you can be saving to, and then explore whether any of those options have a way to manipulate what gets run.

Hit me up on HTB Discord if you want, @agreenbhm#8525

root@bolt:~# hostname
bolt
root@bolt:~# id
uid=0(root) gid=0(root) groups=0(root)
root@bolt:~# 

Finally rooted!
I will be open to giving help to everybody because this box is hard af!
My Discord is Celesian#0558

Finally rooted. The user part was quite easy, but the root was just frustrating. This is the first hard box for me; it took me time to finish it, but I tried to do it by myself as much as possible.

root@bolt:~# id
uid=0(root) gid=0(root) groups=0(root)
root@bolt:~#

This was a fun box. If anyone needs a nudge PM me.

ROOTED!!!
Great box, learnt a lot!
Everyone writing "enumeration is the key" is absolutely right; after fetching d****r files, getting the user is all about your enumeration skills.

PM me for any help

@drdsol92 said:
Currently stuck at bt user. From the hints provided here, I think I’m supposed to su to w-d*** and exploit r***c somehow? I’ve even gone through the php files but still can’t find anything useful. Would appreciate it if someone could give me a nudge in the right direction ><

You have to find a way to become w**-d**** and get your way with r****c to BACKUP all the essential files

I am stuck on the second user. I cracked the hash and logged in to the web app, but uploading a shell doesn’t work. When I want to change the extension, it shows 404 not found. Any help?

Edit:
No need to change extension :slight_smile:

User! Thanks to my mentor, he knows who he is… I’m finding this box frustrating but not difficult. I’m not familiar with d****r so I had to read the docs and read the docs and read the docs; that and enumeration is all you’ll need to get to user, it’s that simple… Now on to root. GL all

Stuck cloning the dr ry, got the basic auth so can view v/_c***g, but can’t get any further

E: Thanks to a nudge from @noob2sec managed to get user, on to root now!

Rooted. Thank you @masquerad3r for your hints.

As for root, I gave up on making an outbound connection to my local machine. Everything was done on this machine besides cracking creds.
For the final touch, I didn’t know r***-s***** is portable.

I logged in via ssh as b**t user. Found some creds but couldn’t find a way to crack them. Can someone help me?