Traverxec

Root was quite easy if you know how the thing works but I don’t get the full screen reference, maybe I did it in a different way.
User was a bit tricky at first because I was barking up the wrong tree, but then I knew that something was there, so I followed the white rabbit to get there. Also I didn’t use the creds, so there must be two ways in. Let’s have a look.

Overall I enjoyed the box. Thank you @jkr

Rooted!

In my opinion this machine is so CTF =/
But I learned much with this machine!

Thank you @w4x and @cha63!


@joshibeast said:

@nardin said:

Rooted!

Initial foothold: too much easy
User: don’t try to bruteforce the pass, bruteforce the key :wink:
Root: Simple but tricky… one advice: when you read gtfobins, the most important part is the first line, where it talks about a very small editor.

And also, don’t try to get root with terminal in full screen.
You’ll thank me later :smiley:

wtf, thanks

Rooted :smiley:

Hints:-
User: Enumerate, read code, get the file and you know what to do with it :slight_smile:
And stay away from rabbit holes :stuck_out_tongue: don’t get excited after cracking a credential :stuck_out_tongue:
Root: GTFOBINS, read manual and well some things work when things are smaller.

Everything is right in front of you, open folders, read codes.

There is an issue with the box and p80 right? @jkr said so in a tweet upon release. Am I correct or are we looking for something else?

Rooted. Thanks @jkr for the fun box. I was way overthinking the root method - I knew exactly what to do but I apparently like my space too much :slight_smile:

@jklmnop said:

John is not helpful, any tips to get user please.

If the creds don’t work on ssh, there is another option. You should find something in a folder where you can not see anything. Maybe the config could help you out?

@bertalting said:
Can anyone confirm if i should look at cron jobs to get user ?

no cronjobs…

Howdy all, I have the password for user d, I’ve read n…f and I looked at the docs and found something interesting. I’m in /h…s and getting a Permission denied error for what I’m trying to touch. Any tips?


Quite straightforward step by step. Thanks. Still took me 2h, spent way too much time enumerating on initial shell. Got initial shell in like 1min. then spent like an hour and a half before i read the whole file with thought. Then it was just doing.

■■■ port 80 closed on VIP 15. Please fix, Thank you!

Edit: spent like an hour trying to find an SSH exploit. Lol FYI port 80 is not supposed to be closed.

@B374 said:
Why I’m getting kicked from ssh when connecting with user david?

Broadcast message from david@traverxec (somewhere) (Mon Nov 18 14:49:50 2019):

double edged

Those creds aren’t for SSH

@Huejash0le said:

■■■ port 80 closed on VIP 15. Please fix, Thank you!

Edit: spent like an hour trying to find an SSH exploit. Lol FYI port 80 is not supposed to be closed.

I had to switch to EU VIP and could see port 80 open.


Can someone pm on root please. I see the file, I see the way to root, however everything I try just results in a normal shell not a root shell.

Good box with some easy and interesting stuff to explore, even though the connectivity was not stable

Rooted ! Fun box. It seems that you can stare blind and focus on 1 particular thing or command. After rooting this one i felt so stupid. :slight_smile:

DM me if you need a little nudge

Interesting box

Foothold: CVE

User: Think logically, hard to explain what I mean by this without spoiling. Once you’ve read the file everyone is talking about, go back to the home dir, what permissions exist? Something is odd. How can you be in another directory but can’t view contents? Mess around in there and refer back to the “file” and keep thinking and experimenting is all I can say. Even this is probs going to be removed might be too much spoils

Root: IDK why people are saying to minimise the screen xD You can keep a full sized screen just understand what is going on exactly on that thing you’ve found. Understand it phrase by phrase, command by command, the GTFObin reference will help you understand why people are emphasising the word “LESS” - and from there, keep doing more logical thinking and experiment, you’ll get it. I got it by mistake ■■■■ it was a test run and ended up being the thing that worked

Rooted, fun box @jkr !!