Traverxec

17810121345

Comments

  • Rooted! A great thanks to @JuicyyCandy.
    I feel so stupid now....

  • Pretty easy but really funny.
    And of course, learnt a new thing :)

    image
    Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • Rooted!

    Easy/Fun box

    User: It's quite simple but could be confusing, John is always your friend, man is also your friend.
    Root: Very simple. GTFO Bins

    PM me if you are confused

    Hack The Box

  • edited November 2019

    Rooted! :D


    # id
    uid=0(root) gid=0(root) groups=0(root)
    # whoami
    root

    I'm not sure if this was really easy, or I'm just getting better, but this was my quickest box to root so far. Less than 12 hours total :D

    Pretty much everything has already been said as far as hints go for both user and root, but feel free to PM me if you need a nudge.

  • Type your comment> @frod said:

    Root: I'm not sure what I'm looking for. The s****-s**.sh seems interesting in particular one line. GT***s to gain root access or there's a whole game of symlinking ahead?
    PM me please

    PM me bro

  • So I've hit a wall. I cracked the user password for the web app but I don't know how to authenticate with them. Need some help to figure out what I'm missing here.

  • ROOTED..!!!!!!!!!!!!!!!!!!! Learnt something new..!! Phew.. Need a break.. haha :)

  • Hate to ask for help at this point as I know I'm so close to getting user, but I'm hitting a wall. I've pulled what lies in the place you don't expect, but it's still asking for a password.

    A nudge would be greatly appreciated!

    tj0
    find me on freenode ##security

  • Rooted! Great box, really informative!

    As usual, pm for hints/tips or help.

    And if you used the creds, hit me up with how. I didn't need them in the end but I'm curious

  • edited November 2019

    Type your comment> @PrivacyMonk3y said:

    My meta doesn't allow me to search for the n******o exploit.
    Is there a way for me to update the database or something to include it?
    Some of you are claiming it's in your db.

    Update meta

  • I am having trouble in cracking the hash. I know its in m*5 format and salt$hash. But cant crack. plz help

  • Rooted! Fun machine. Looking back on it, I made it harder than it needed to be.

    PM for hints/tips or help. Thanks to @olsv for the nudge.

  • edited November 2019

    For those who are stuck in either user or root. Here are some Hints!

    User: look closely at the configuration file and search all directories...

    Root: look at the script running with what privilege.. try to understand what is that binary used for and how to exploit it. GTFOBINS is very useful .. check it out. Remember you do not need output but only need input from the binary command. Cheers.

    If these hints were helpful pls gimme respect too. thanx

  • rooted finaly thx to @Shad0wQu35t and @Hilbert

  • Got user.

    Know what to exploit for root, yet don't know-how.

  • Type your comment> @Ma1ware said:

    Got user.

    Know what to exploit for root, yet don't know-how.

    new terminal not full screen.

    Arrexel

  • Rooted!
    Will be busy so won't be able to answer you guys, sorry! But I will surely mention the hints which nobody told and were helpful:

    FOOTHOLD: Straightforward public exploit

    USER: Look at the conf file. What is the thing mentioned there which is only one for a user but two are mentioned. There you go!

    ROOT: It was soooo fun! As everybody said, GTFO is useful. I don't know what others are talking about related to screen resolution. Just remember one thing, you can copy the script and edit it as per your need.

  • Finally rooted the box. I can't believe that it took me this long to figure out the hidden directory. After that, it wasn't all that difficult. Plenty of good hints here. Thx ppl. If you need help, let me know.

    sx02089

  • Can I maybe get som help on how to get user? I have the creds, I know the directory where they are located and also the conf. I just don't know what do do with it.

  • Type your comment> @RandomPerson00 said:

    Can I maybe get som help on how to get user? I have the creds, I know the directory where they are located and also the conf. I just don't know what do do with it.

    Read that config-file very carefully. It tells you a place that appears inaccessible at first glance.

    sx02089

  • Hello Guys!
    That's my first box :D.
    I've got David's password with John but I can't login with that.
    Can somebody give me a hint please?

  • edited November 2019

    s2j is giving me a weird hash and the type isn't working in john even with the s...g format specified; more specifically, that type doesn't show up in the format types when I use john --list=formats and the utility specifically for that type to john states that it isn't a valid key file.

    Edit: I’m just retarded, feel free to pm with questions

    Discord: Ursa#1337

    Ursa

  • I got the creds, know where to use them, but the .h****s hash just wont crack. I have tried Big John and cat with almost all words list, what am i missing, am i suppose to use some salt ?

  • Just throwing this out here... for all the "Not Full Screen" comments, stty is your friend here, no need to worry about screen sizes.

  • Type your comment> @cdf123 said:

    Just throwing this out here... for all the "Not Full Screen" comments, stty is your friend here, no need to worry about screen sizes.

    oh wow, im a dummy, lol

    Hilbert

  • edited November 2019

    So I got .pub files. But cannot cat them

  • Got User. Any Hints For Root?

  • edited November 2019

    Type your comment> @cdf123 said:

    Just throwing this out here... for all the "Not Full Screen" comments, stty is your friend here, no need to worry about screen sizes.

    That was interesting! Had to come back to try this out! Thanks!

  • "There is no way this would work." - 5 seconds before getting root.
    Fun box for beginners. PM if you need a nudge

  • Got user and root! This was my first "active" HTB box!
    Finishing root while using i3 gaps was.... interesting.
    Fun box, thanks JKR!

Sign In to comment.