Bashed

Spoiler Removed - Arrexel

Am I the only one not able to use the upload command???

@RedCup0x0 said:
Am I the only one not able to use the upload command???

There are alternatives to the upload command (hint: run some service on your local machine)

Got this one pretty quickly as my first machine on HTB. Pay attention to the file permissions in the directories and read the contents of the files. I used the limited shell and finished with a reverse shell as root.

@kamee said:
All right, I have an interactive shell, and have a user who can run scripts. I can execute commands as su, but for some reason can’t read the /root/root.txt file. Anyway, I can run another script that writes a ‘root’ owned file.
I feel I’m pretty close but I must be missing something.

Any hint?

Thanks guys

Pretty close! You don’t have the correct permissions to read root.txt. Use the powers you have to your advantage.

Can someone please DM me a hint to getting root.txt PLEASE!!

Well, that was… interesting. I was so close. On the right path so many times. That ‘Priv esc’ sure taught me a lot.

This is my first box, can someone give a tip if I’m heading in the right direction? I’m looking for a way to upload a file to the site running on 80. I have found one directory (starts with U) and I’m dirbusting it to look for anything interesting, though it has yielded nothing. Currently, I don’t believe any other interesting service is running, or that any exploits in msf are of use to me.

Hi, you don’t need to upload, keep searching, read the page a little bit more

Found my start point! Needed to start with a high level enumeration.

Root is still evading me, I’m currently focusing on the python script I found (trying to not give too much away), am I on the right track, or should I abandon this?

@ipbsec said:
Root is still evading me, I’m currently focusing on the python script I found (trying to not give too much away), am I on the right track, or should I abandon this?

You’re on the right track.

Just got root. Great learning as always with HTB.

Hi,
how can I check/find from which directory the root user runs some scripts? If he even runs…

OK, so I got the reverse shell, then the user, then somehow the root. I don’t wanna give any spoilers but after getting root I was very confused on how I did it. I did a lot of looking around and research and it kinda just fell into my lap. I don’t wanna say I’m disjointed but I don’t think I fully grasped what happened and how I got it lol. Someone please PM me?

OK, I have the reverse shell but can’t crack the privesc, I’ve tried several ways to get the file without privesc to root first using scripts running as a user with script exec permissions but I can’t read the target root file. Can anyone throw me a bone :slight_smile: ?

@ipbsec said:
OK, I have the reverse shell but can’t crack the privesc, I’ve tried several ways to get the file without privesc to root first using scripts running as a user with script exec permissions but I can’t read the target root file. Can anyone throw me a bone :slight_smile: ?

My last question is a bone… :stuck_out_tongue:

@blackangel said:

My last question is a bone… :stuck_out_tongue:

Hmm, not a very meaty bone, though it has given me an idea for a next step.

Hi, I keep getting asked for the password of ************ user in order to run commands as that user, what am I doing wrong? Can anybody PM me please?

Guys, I need some help! I have the user flag, but I got it without getting the shell on terminal, I just got it from the browser. I tried using netcat for getting the reverse shell, but it failed. I also tried using bash for the same but no luck! Can anyone please help?

@codenameroot said:
Guys, I need some help! I have the user flag, but I got it without getting the shell on terminal, I just got it from the browser. I tried using netcat for getting the reverse shell, but it failed. I also tried using bash for the same but no luck! Can anyone please help?

If you want a subtle hint on getting a shell, PM me