Traverxec

Just finished the box, struggled a little with user at first, root was quite straight forward though.

User: Besides the obvious thing, check the manual and go back to read the c… file . It will tell you what there is to look for (even though you might not be able to discover it easily straight away)

Root: Reminded me a little bit of an otw bandit challenge. Once you found out what can be executed you may want to test it out in a less “restricted” environment.

Feel free to PM me for nudges

Thanks @jkr for nice machine :slight_smile:

Rooted !

Real funny box, specially the root part XD

Feel free to PM me for hint (user /root)

I can’t think of a better box with such a wonderful narrative no less, to build a strong Linux/GNU foundation. Makes me take a fresh look at some of the commands and utilities I use daily. What an awesome box by @jkr as usual. Thanks!

Any help with root? I know its to do with GB and l**s but struggling to find the right syntax to put in the file

Rooted!

Initial foothold: too much easy
User: don’t try to bruteforce the pass, bruteforce the key :wink:
Root: Simple but tricky… one advice: when you read gtfobins, the most important part is the first line, where it talks about a very small editor.

Type your comment> @KevSex said:

Any help with root? I know its to do with GB and l**s but struggling to find the right syntax to put in the file

DM me

wow, just got root. That was embarrassing…

Type your comment> @jklmnop said:

John is not helpful, any tips to get user please.

Cats are helpful. They love playing with hashes

Type your comment> @nardin said:

Rooted!

Initial foothold: too much easy
User: don’t try to bruteforce the pass, bruteforce the key :wink:
Root: Simple but tricky… one advice: when you read gtfobins, the most important part is the first line, where it talks about a very small editor.

And also, don’t try to get root with terminal in full screen.
You’ll thank me later :smiley:

Root was quite easy if you know how the thing works but I don’t get the full screen reference, maybe I did it in a different way.
User was a bit tricky at first because I was barking at the wrong tree, but than I knew that something was there, so I followed the white rabbit to get there. Also I didn’t use the creds, so there must be two ways in. Let’s have a look.

Overall I enjoyed the box. Thank you @jkr

Rooted!

In my opition this machine is so CTF =/
But I learned much with this machine!

Thank you @w4x and @cha63!

Hack The Box

Type your comment> @joshibeast said:

Type your comment> @nardin said:

Rooted!

Initial foothold: too much easy
User: don’t try to bruteforce the pass, bruteforce the key :wink:
Root: Simple but tricky… one advice: when you read gtfobins, the most important part is the first line, where it talks about a very small editor.

And also, don’t try to get root with terminal in full screen.
You’ll thank me later :smiley:

wtf, thanks

Rooted :smiley:

Hints:-
User : Enumerate, Read code,get the file and you know what to do with it :slight_smile:
And stay away from rabbit holes :stuck_out_tongue: dont get excited after cracking a credential :stuck_out_tongue:
Root: GTFOBINS, Read manual and well somethings work when things are smaller.

Everything is right in front of you,open folders,read codes.

There is an issue with the box and p80 right? @jkr said so in a tweet upon release. Am I correct or are we looking for something else?

Rooted. Thanks @jkr for the fun box. I was way overthinking the root method - I knew exactly what to do but I apparently like my space too much :slight_smile:

Type your comment> @jklmnop said:

John is not helpful, any tips to get user please.

if the creds dont work on ssh, there is another option. you should find something in a folder where you can not see anything. maybe the config could help you out?

@bertalting said:
Can anyone confirm if i should look at cron jobs to get user ?

no cronjobs…

Howdy all, I have the password for user d, I’ve read n…f and I looked at the docs and found something interesting. I’m in /h…s and getting a Permission denied error for what I’m trying to touch. Any tips?

Spoiler Removed