Traverxec

@dr0ctag0n its not intended. There is a HTTP dos vulnerability on it that people love to try by some wierd reasons!

Type your comment> @stoffern said:

@dr0ctag0n its not intended. There is a HTTP dos vulnerability on it that people love to try by some wierd reasons!

the server was not booted at all in the VIP labs, i just booted it fresh after waiting several days since release and it’s still doing that. Tried using the initial shell to save a binary shell and run it and it still stops responding after a few mins. :confused:

got user password cracked… but its not working when i ssh?!!

Spoiler Removed

Epic box :^)

Thanks @w4x for nudges

root@traverxec:# id
uid=0(root) gid=0(root) groups=0(root)

Was anyone able to get a shell on the box without using the common tool for automating things like this? send me a message if you have a way please.

Edit: Please ignore. I am an idiot and never thought to read the source code in this tool.

Rooted! PM me for hints :slight_smile:

Rooted very nice box :smiley:

Root was just “Wow!”

That final mental leap to get root was really, really cute. Maybe think outside the terminal box to get this one if you’re struggling ;). Nice work, jkr.

Finallly got root . Thank you @rholas for help.

pleas PM if need any hints

¡Rooted! I can say that I learned interesting things with this machine. My advice and hint are.
User: Always check the configuration files and read the permissions carefully.
Root: gtfo bins is the key, nothing more and nothing LESS.

This thread can help: https://www.reddit.com/r/hackthebox/comments/dy8t4j/traverxec_help/

There’s someone massively spamming the box with broadcast messages. Can anyone help?

EDIT: Rooted. That was nice :slight_smile: PM for nudges.

got user password cracked… but its not working when i ssh?!!

Someone please help with the hash , can’t crack it with john or hashcat and i believe i have to convert the hash to john format but don’t know how.

Spoiler Removed

have been struck at root for the past day, I found the interesting script & read GTFObins yet I fail at whatever I try with these. Can someone please nudge me in the right direction

Edit: Nevermind, I was able to finally root it. This machine taught me alot about linux in general, was great fun.

I am in the hidden directory, got the private and public key for user d**** I know how to to use the private one but I cannot “cat” it even if I move it to another directory. I tried to move it to my local machine but nothing. Any tip of how to read its content. I guess the cracked password from the first steps ( using john) is used later as passphrase. Thanks!

no passphrase actually… But the dir/file is accessable from other than the cli… as you know where it is, you should know where to access it?