• Hi Everyone
    Great machine so far, finally rooted.
    But still have some questions opened.

    Does someone reach to bruteforce SSH Key?

    Can somebody explain me why I can make a git clone through ssh but cannot reuse key to access ssh ? ssh is getting completely stuck?

    Thx for your answer guys , enjoie.

    Hack The Box

  • One of the most interesting boxes in my six weeks on hackthebox.

    Thankyou @rotarydrone for having put this together. Really interesting.

  • Thank you @w4x for help with craft.htb! Now going for user and root)


  • edited November 2019

    I really need some help with this box. having a hard time just getting started.

  • edited November 2019

    Nice box !!!! Enjoyed lot , Also learned lot of things and i got know new technologies.

    Thank you so much who are helped me with this box @GPLO and @crankyyash

  • anyone willing to point me in the right direction Found creds but not sure how to use them

    Thanks for your time!

  • Could use help on crafting the payload. Got t****, tried five different payloads(That work locally) with lots of different escaping.. nothing pops a reverse shell

  • Rooted. Nice Box:)


  • Rooted !

    Very nice box, I love it.

    If need help you can ask on pm.


  • Rooted! Feel free to contact me for hints :)

  • Greate box had a lot of fun solving it, also learned alot of new stuff :)
    [email protected]:~# wc -m root.txt
    33 root.txt

  • Last login: Fri Nov 22 04:11:15 2019 from
    [email protected]:~# ls
    fun box, good for my python knowledge.

    still, all the hacking i did was on a windows 7 machine :)

    windows 7 is my rig :) if it can't be done on windows, i fail.

  • My reverse shell will not run mySQL commands. Can sometime tell me if my reverse shell is inadequate?

  • what about using php to query db? :)


  • I have rooted the box, but there is no root.txt. Is that normal? (It's my first machine on HTB)

  • Kudos to the creator to spend some time in making the machine as close to the real-life misconfigurations and lapses. Gilfoyle is my idol, so it is very hard to believe he did some horrible mistakes. Hints:-

    User:- Think from the perspective why Dinesh is always ragged. What kind of commitment he has towards the repo. You will find pieces to the puzzle.

    Root:- I wasted a lot of time doing something I should not have. Read the repo and stick to whatever is in scope.

    Happy Rooting


  • user: Like others, this is the difficult part. You will need to know how to reverse a shell by taking advantage
    of a Python function that is available in the repo.

    I realized that upgrading my shell using the pty module in Python was not working, and this was because the chroot
    enivorment does not include /bin/bash, but you have to specify /bin/sh. I believe that the jail will limit you to
    Busybox commands. Upgrading the shell is done in most of Ippec's videos. Learn this technique, it will save you a
    lot of guessing.

    root: Check out the new repo that you have access to. There is a program that stores SSH creds that allow you to
    login to remote/local machines. This part should not take long.

    other: My reverse shell was very slow and kept timing out, I do not know if this is by design or if this was just my
    shell? I know there is a lot left out, but I did want to provide a few tips. I spent 80% of the time trying to
    hack the box without visiting the forum, but after visiting the forum, it quickly provided the missing gaps to
    hack the box.

    fyi: to try harder, exhaust all your resources before visiting forum, document the new commands you learn, and
    stay away from msfconsole. Msfconsole is rarely the answer for boxes here.

  • Type your comment> @quantlink said:

    I have rooted the box, but there is no root.txt. Is that normal? (It's my first machine on HTB)

    Okay, found the obvious answer myself. Finally escaped and rooted the machine really.

  • Good box, there are plenty of hints in the forum but some of them are vague.
    PM via Discord if you need help.

    Discord : secHaq#7121

  • edited November 2019


    I got user on craft and stuck on it.
    can't get the root.
    i found v**** service but can't figure out how to use it to gain root access.

  • Rooted it
    DM for any help

    For faster response ping me on discord


  • edited November 2019

    Just rooted,

    --- user:
    - Follow the obvious path
    - You are!? time to read some production code
    - login in the wanted service
    --- User
    - That second repo is useful in other way
    - documentation

  • edited November 2019

    omg such a satisfying box and so similar to setup's I've worked on irl

    In the initial foothold, I couldn't craft a rev shell that worked so I got drunk and went fuck it, creating my own version using the commands I knew worked. Never done anything like that b4, which was fun.

    The user was quite easy but I had a bit of a 'doh' moment when I realised my script was limited to 1 result (facepalm). Then look around in places you may have been before with the details you find here. No brute needed.

    Root was pretty easy too. RTFM for that thing you found on the last step.

    Oh and the theme made me scream for joy when I found it

  • edited November 2019

    Rooted ,DM if u need help :)

  • edited November 2019

    Got user and root. For root read the documentation and apply it to the obvious .sh file and construct your own command based on the two. Shout out to @nirodha42 who helped me with my obvious stupid mistake with the db to get the additional users.

  • Rooted. Really fun box! Got stuck on the initial shell but finally got it. Root was all about reading the manual as others have said, I had never heard of the service before but figured it out rather quick.

    Pm for hints.

    Hack The Box

  • edited December 2019

    So after three days I was able to get shell thanks to hevr and the many others who helped. Now onward and upwards and more days and days of struggling of figuring out whats next on the menu of pain.

  • Is it worth trying to exploit CVE-****-*4? I was thinking in getting a reverse shell with g h***s.

  • edited December 2019

    done 1x24 hours. insane box. great job for the author
    rooted already. user.txt and root.txt owned
    the hardest part on this box is finding the hash for me

    need help ? PM me :D

  • I can't believe I spent so much time working on the payload to gain the initial foothold! My reverse shell kept closing and closing again. It was because I was calling a binary the system obviously didn't have installed. Too much overthinking...

Sign In to comment.