• edited January 4

    Type your comment> @wewppp said:

    Type your comment> @c4ph00k said:

    How many time John needs to finish his job? I started it 3 hours ago and he is still working...

    I did a stupid mistake...

    bro just use the most common wordlist that you can find like rkyo*.txt

    i did a mistake with other file and not the correct one, I solved and john works correct with rkyo*.txt. i got the user flag, now i'm working for the root.

    edited - rooted, a bit dislike about the root, I used msf. did somebody use a different approach? If yes, can you kindly PM me?

  • I quite liked this puzzle, I think it was perfect for me as a first box. Although I must say that the ik file and fact that it was possible to s into the r**** user felt a bit artificial to me. At least On Ubuntu, by default I get nologin for the user r**** and I can't see why would anyone change that.

  • edited January 4

    Just rooted this machine. Such a good box. Both user and root was interesting. If you get stuck, don't focus on just one port in exploiting throughout the stages.

    If you complete root then you know how some people would have gotten root before user.

    Thanks to @s1lv3rst4r @wewppp and @deepc0re.

    PM me if you need any help.


    Edit: Has anyone found a non-m********* exploit for root on the internet? It would be good in case this comes up in the OSCP. Otherwise, I think I'll just write my own based off the currently available one.

  • I think I had root. I was in a shell and asked who am I and the response was root.

    I was able to display /etc/shad ow but then l lost my VPN connection. Then my VM crashed and I had to rebuild it. I tried the same steps I had before and did get access to root.

    Maybe somehow I was given a gift by someone else.

    So now I've found an additional user and interesting file but I can't figure out what to do with them.

    Is is possible to copy the files?

    The is metaexploit I've tried but either it is the wrong one or I have it configured wrong.

    It is frustrating because everything seems to be a rabbit hole. My getting a foothold is an example the procedure I used I had several examples but they all left out a keypoint until a user here gave me a nudge.

    Any additional nudges would be appreciated.

  • Hi all this is my first box and I need a nudge please. Tried w***** exploit, tried r**** different approaches still cant figure it out. Now doing S** but get denied all the time. Please someone help me THNX

  • Finally rooted.

    This box took me approx 8 hours in total but that was more down to me not thoroughly taking the time to do the research and really understand whats going on.


    User: When you find the guide on how to manually exploit the thing you can pretty much follow it step for step just be aware that things may not be in the exact location as indicated in the guide.

    Once in look around to find something useful to allow you to pivot to another user

    Next If something isn't working even though it "should" investigate why not.. Check config files.

    Root: Remember back to initial enumeration. Try again with what you have now.

    Hopefully that'll be of some help or assurance that your on the right path.

  • I got user and root. ISeveral people helped but especially @c4ph00k k.

    This was my first machine and I learned so much just in process. Everything was a challenge and I had to go research it. Then in the middle of it the VM I was using crashed. My other VMs kept working but the one with my notes dead.

    I still don't know what some of the cryptic notes mean that were left here in posts.

    One of my biggest frustrations was following the correct script but having it being wrong by the author.

    If you need help PM me I certainly need to pay it forward.


  • Got user and root for my first box! A lot of the hints were helpful here. It does seem that others used different methods, some which did not work for me. I liked having to use multiple approaches to achieve everything.

  • Are you guys running john on the .bak file because I need help with that


  • Rooted, the most difficult part if you don't use a py script is the other users who are continuously flushing. Also for the root exploit spend an hour wondering why it didn't work before realizing I had to use tun0's IP as LHOST....

  • A public thank you to @daman1 for pointing me in a good direction.

  • @Slxyre
    There's a tool to use with John for what you're trying to do. Try searching for s****** That should help you get what you need to get to the next step for the user flag.

  • @SaltEngineer So I cracked it but when I try to SSH it says connectiontion closed by [ip] on port 22
    Which leads me to believe its the correct passphrase but not working.


  • Hi all I need a nudge for getting root tried different CVE found the .**k files but cant seem to make it work. Can PM me will really appreciate it.

  • @Slxyre
    There are more things you can do with that than what you're trying. Think about other common issues that you might see involving the info you just got.

  • Got user and root!
    Hint: if you are struggling to find your way in after c**********8, then make sure you read carefully all available to you websites. I was stuck on this for quite some time.
    PM for more hints :)

  • Rooted pm for nudges thanks to @SaltEngineer and @ReservedEhlek for the help. Respect.


  • Can anyone tell me if the machine has been patched? I managed to get both user and root in a single swoop and am currently helping someone else getting through this box.

  • My first box done thnx to all that helped in a way or another: @BugZ , @ReservedEhlek , @OddRabbit , @deepc0re , @daman1 If someone needs a small push PM me.

  • edited January 6

    Can they please stop putting these insanely difficult boxes under easy..

  • Spoiler Removed

    Hack The Box

  • easiest box ever lol

    hints /*find creds

    and use port 10000 exploit

    and gain a meterpreter shell :) */

  • just rooted the box without metasploit, using owasp-zap and the manual request editor. sweet one, I learned a lot during the inital foothold...

    hints: enumerate, google and don't just run the exploits, try to understand how they work, what they do. and if you fail, try harder. :)

  • edited January 7

    Hello, I've managed to ---------- can I get a help here to validate that my action is on the right path? Thanks

    EDIT: somehow im in,

  • Type your comment> @rmn0x01 said:

    Hello, I've managed to ---------- can I get a help here to validate that my action is on the right path? Thanks

    EDIT: somehow im in,

    ok im still bamboozled by how i can get in to user, anyone up for a question? Thanks

  • Could anyone give me a slight push in the correct direction? I have tried two ports, multiple exploits, directory fuzzing, manual exploitation and nothing seems to be taking a hold.
    With one port I am getting read-only slave.
    With the other there is nothing really to go with. Any help would be appreciated.

    Don't forget to +respect if I have helped you out at all.

    Happy Hacking!

  • when people say "root was easy" or "user was easy" for beginner dont look that way but when they say that means "there alot to learn for beginnesr" but all in all that that cook book is really cooked for beginner

  • Can someone point me to the right directory to point the ss* key to?

    KIndly PM

  • Type your comment> @Lytes said:
    > Can someone point me to the right directory to point the ss* key to?
    > KIndly PM

    In which file keys should be placed? Think about how to do it trough vulnerable service r**is
  • Type your comment> @Nism0 said:

    Type your comment> @Lytes said:

    Can someone point me to the right directory to point the ss* key to?

    KIndly PM

    In which file keys should be placed? Think about how to do it trough vulnerable service r**is

    Got it. Turned out I had the right directory from start but other users were overwriting my key, I wrote a script to speed up the process.

    i found i********k and i decrypt it and i got c********8.Then I used it to login user M*** but it keeps saying Connection closed by port **.

Sign In to comment.