@dr0ctag0n its not intended. There is a HTTP dos vulnerability on it that people love to try by some wierd reasons!
Type your comment> @stoffern said:
@dr0ctag0n its not intended. There is a HTTP dos vulnerability on it that people love to try by some wierd reasons!
the server was not booted at all in the VIP labs, i just booted it fresh after waiting several days since release and it’s still doing that. Tried using the initial shell to save a binary shell and run it and it still stops responding after a few mins.
got user password cracked… but its not working when i ssh?!!
Spoiler Removed
Epic box :^)
Was anyone able to get a shell on the box without using the common tool for automating things like this? send me a message if you have a way please.
Edit: Please ignore. I am an idiot and never thought to read the source code in this tool.
Rooted! PM me for hints
Rooted very nice box
Root was just “Wow!”
That final mental leap to get root was really, really cute. Maybe think outside the terminal box to get this one if you’re struggling ;). Nice work, jkr.
¡Rooted! I can say that I learned interesting things with this machine. My advice and hint are.
User: Always check the configuration files and read the permissions carefully.
Root: gtfo bins is the key, nothing more and nothing LESS.
This thread can help: https://www.reddit.com/r/hackthebox/comments/dy8t4j/traverxec_help/
There’s someone massively spamming the box with broadcast messages. Can anyone help?
EDIT: Rooted. That was nice PM for nudges.
got user password cracked… but its not working when i ssh?!!
Someone please help with the hash , can’t crack it with john or hashcat and i believe i have to convert the hash to john format but don’t know how.
Spoiler Removed
have been struck at root for the past day, I found the interesting script & read GTFObins yet I fail at whatever I try with these. Can someone please nudge me in the right direction
Edit: Nevermind, I was able to finally root it. This machine taught me alot about linux in general, was great fun.
I am in the hidden directory, got the private and public key for user d**** I know how to to use the private one but I cannot “cat” it even if I move it to another directory. I tried to move it to my local machine but nothing. Any tip of how to read its content. I guess the cracked password from the first steps ( using john) is used later as passphrase. Thanks!
no passphrase actually… But the dir/file is accessable from other than the cli… as you know where it is, you should know where to access it?