Traverxec

Do you think creds could be a rabbit hole?

Donā€™t get too much stuck on the creds you find, look for ā€œbetterā€.
Currently stuck on root, Iā€™m pretty sure it has to do with all those logs but not sure how.

thank you for the nudge, and now I feel stupid.
user hint: read that interesting file you found very carefully and make sure you know what each line does.

Type your comment> @idomino said:

thank you for the nudge, and now I feel stupid.
user hint: read that interesting file you found very carefully and make sure you know what each line does.

you mean at nā€¦o folder?

Type your comment> @protei300 said:

Type your comment> @idomino said:

thank you for the nudge, and now I feel stupid.
user hint: read that interesting file you found very carefully and make sure you know what each line does.

you mean at nā€¦o folder?

yeah

Rooted ! :slight_smile:

root@traverxec:~# ls
nostromo_1.9.6-1.deb  root.txt
root@traverxec:~# 

Rooted!

Root is really simple.

Hint: Just look at the file you will find as userā€¦and you may see a very suspicious command.

Still cannot see anything under restricted shell

Correct me, if i am wrong, but smth interesting in hā€¦f file???

Type your comment> @MasterSplinter said:

Donā€™t get too much stuck on the creds you find, look for ā€œbetterā€.
Currently stuck on root, Iā€™m pretty sure it has to do with all those logs but not sure how.

iā€™m stuck on root too, i think iā€™ll need to symplink stuff with other stuff to get the job donn

ok, that was straightforward :slight_smile:

# id
uid=0(root) gid=0(root) groups=0(root)

@ToneDef said:
Rooted!

Root is really simple.

Hint: Just look at the file you will find as userā€¦and you may see a very suspicious command.

the simplyest stuff can make you go crazy sometimes

Yup XD

Is the box down for anyone else? I lose connection every few minutes

Got user.

For people having problems/getting nothing after getting creds : yeah they can be useful somewhere but you must enumerate and read some files to better understand where you can use them :). You should wonder why there are creds here and for what they are needed/supposed to do

Sorry if I say too much, itā€™s my first time giving my opinion and advice here xD

PM if needed

Got user now too.

Go going for rootā€¦ but didnā€™t found anything yet. Can someone PM me a nudge?

rooted

PM for nuggets

Hack The Box

Initial: Fastest foothold Iā€™ve ever got. 2 steps to get an easy shell.
User: Read files carefully, ignore rabbit holes and RTFM.
Root: You should spot the method fast, try it locally to understand how to make it work.

Spoiler Removed

Finally.
Foothold: DDoS? Really? Check the description before run something!
User: check that same place where youā€™ve found those creds. Make yourself familiar with capabilities of the service and ask yourself what permissions should you have to view that content.
Root: was mindblowing for me. Itā€™s right in front of your eyes once you logged in, but you just cannot violate args. Fortunately, there is a way to substitute one thing with another and use the same command to get a shell

Iā€™m a bit stuckā€¦ Iā€™ve found the place mentioned in the interesting file, just canā€™t find anything further, not sure what to do with the credsā€¦