• Stuck with the creds on the API, any nudges?

    Check out my blog
    Always happy to help! but please consider dropping some respect. ^^

  • I believe both uname and pw are the top 1 on the wordlist..


  • @0byte, silly me, got it thanks!


  • Don't really do the forums, but finally rooted this and would like to say thanks to @thek

    Really enjoyable, and the user part was a great example of how you can gain a practical understanding of some theory. Root was frustrating but RTFM-able. Really enjoyed it.

  • edited November 2019

    Argh, having a hard time cracking the s** key for b***, please someone PM for some nudges.

    EDIT: Nvmd, got it, thanks to @Rolesa, missed an important enumeration.


  • edited November 2019

    edit: probably spoiler

    the machine behaves differently compared with this morning, after issuing a reset it should be in the exact same state, but it is not

  • edited November 2019

    edit: probably spoiler

  • edited December 2019

    about 1,5h after resetting the machine, the machine allows me to execute the uploaded reverse shell... looks like I missed part of the URL (shell.php?numeric)

  • edited December 2019

    edit: got it

  • edited December 2019

    Can anybody give me a hint, because I'm stuck on enumeration and I can't find anything people talk about here. Only found api (but no creds), b*******hp and in***

    EDIT: got user, but I can't find a way to get a second user. I also found .c*t file, but I don't know how it can help me. Can anybody give me some hints?

  • edited December 2019

    Stuck at a point where I am able to s** as b*** and log in to the b* app with the creds I found.

    The next step is most likely to get a reverse shell through the app, but not sure how to proceed with it. Nudges are highly valued!

    Edit: Moved a step forward, thanks @aho!

  • oh man finally rooted, PM for nuggets

  • Finally I got my root shell.
    Nice box, user part was pretty straightforward.
    Root part is so cool.

    Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • w4xw4x
    edited December 2019

    Allelujah, rooted. After a reset, someone has deleted the root flag, I've searched everywhere.. -_-'

    If I helped you, +1 respect please!


  • edited December 2019

    Rooted, my first hard box was really fun. Thanks to everyone who helped me! @Rolesa @gorg @aho.
    Please, PLEASE don't delete flags next time, I've lost 1 whole day enumerating beyond the intended.

    PM for nudges.


  • I got root.txt but not rooted yet!
    Maybe tomorrow :)

    I wasn't familiar with r****c but it seems like a really good tool.


  • edited December 2019

    -- deleted

  • Need nudge towards root - have access as bt user. Found some interesting files in the folder where the bt app is hosted and a c*t file belonging to w-d user (couldn't extract due to invalid format). I see that r****c may be the exploitation path but don't know how to piece all this together. DM please for nudges.

  • So, rooted finally. My first hard box, what a journey! Had fun with this one. Thank you @thek

    I'm not gonna write any tips this time - plenty of help already in this thread. Probably even too much. Nevertheless PM me for nudges if stuck.

  • edited December 2019

    Is anyone else having a problem when logging into the web app - the credentials are right, but it shows an "Uncaught Exception", and cannot continue from there?
    EDIT: Never mind, changed the browser, had some issue with cookies.

  • I'm really stuck on priv-esc, I'm on the webapp dashboard and I've tried everything I can to get revshell/codeexec... but I'm still there. Someone who can help me? D:

  • edited December 2019

    Any hint for initial part?
    Found .r.h*/v2 but can't find anything interesting :/ tried enumeration. (have creds)

  • So, I've got the user b**t but have no idea where to look for root. I've found a hash from .versin file and its salt from the same directory. I've also got a login form in /bot. How should I proceed?

  • Wheww...rooted...thank you @Kamperr @idomino @3l0nMu5k for the nudges

  • Thank you for the box.

    Both frustrating and rewarding at the same time.

    I learned new tricks.

    In case anyone is stuck, feel free to PM me, but I think there are enough hints in the thread.


  • Wow!
    My first hard rated machine and that looks good for me.
    Vector is always obvious, but you need to think and RTFM a lot. (at least that was so for me).

    Many thanks to @thek
    Learned a lot, was not familiar with any of the software used here lol.

    Making my way from newbie to pro

  • edited December 2019

    Done. Man, that Re**** was tough..


  • Puh I got root. Thx to @3l0nMu5k for his help! I learned a lot. Never heard about this software before.

  • Got user finally, went down a rabbit hole with the D***** r******* v2 ap*. Finally figured out the commands to do it correctly, then it's all enumeration. Onto root.


  • Rooted. User is very easy. Root also is not very hard but nice!
