OpenAdmin

1246764

Comments

  • Type your comment> @AnIntrovert said:

    can anyone DM me on how i can upgrade my initial shell, i cant do anything with it atm.

    You may not need to upgrade it. If you can use it to ls and cat then you have enough. It might just be a bit tedious working through various parts of the filesystem, but make sure you have fully explored around where you've landed before you move out too far.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @Hylje5000 said:

    Anyone dm me nudges on root? I already think I went thought G*Bs

    If you enumerate fully you can see what the user account is allowed to do. From here you can quickly find a way to subvert that into a root shell.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited January 5

    Rooted the intended way, I think this box needs some work though looking at the comments... nice beginner-friendly box though.

    m3ll0

    OSCP

  • Could anyone give me a hint please? I'm having trouble understanding the script. I'm just getting a $ and no command execution. I'm also not sure where to begin with manually doing it.

    Thank you for your time.

  • Edit the script to point to where you want to go

  • Rooted after roughly 6 hours...
    I feel very stupid now :D

  • Spoiler Removed

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited January 5

    Oh man, I got the foothold just don't know where to look from here. Been just "cd" and "ls -a -l"ing through the filesystem with no luck.

    Any nudges from anyone?

    Edit: WTH? Just elevated to user but Is ji*** suppose to have user.txt??? There is no file in his home directory. Should I reset?

  • Anyone that can give me a nudge? I just got to the box and got a low privileged shell.

  • Any tips? I had www-data and one user account within about 30 minutes of this box launching, and been stuck there since..and have yet to see the user flag. Can anyone who's rooted PM me to chat real quick? I can't be far.

  • rooted the intended way. pm for hints.

  • Spoiler Removed

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @TazWake sorry I was cryptic, I have www-data AND another user. But apparently that's not enough. I got SSH access already. Thank you!

  • PM for nuggets

  • got the shell but need some help for the user

  • Rooted intended way, user and root. Great box for beginners, enumeration and a keen eye is required.

    Thanks to @conan for the nudge for user.

    PM for hints.

    Hack The Box

  • edited January 5

    Initial: What vulnerable version is running?
    User 1: How should you systematically search for enumerated details?
    User 2: Is the strange directory accessible elsewhere?

    Root: GTFObins

  • Very easy machine
    User

    • CVE
    • Follow the trail of breadcrumbs
    • crack and done
      Root

    • did you remember that useless file?

  • wonder what the unintended route was. 11 min first blood... dang!

  • Got initial shell .. traversed around with ls and cat. I found a couple of config files but only managed to get my*** credentials.. but other than that I'm stuck. Anyone can give me a nudge? Thanks.

  • @wazKoo Yeah me too!
  • edited January 5
    Type your comment> @idomino said:
    > rooted the intended way now as well, it was a fun easy box, now another week wait for a new one :(

    Well done, damn your quick 😉
    ”No questions a stupid question”
    <img src="https://www.hackthebox.eu/badge/team/image/1805" alt="Hack The Box">
  • How are y'all rooting this in 11min... yikes... i'm nearly an hour in and my nmap scan isn't done...

  • I found the initial foothold... can someone PM how the heck it's supposed to work? Just keeps giving me a $ sign and no shell. idk.

  • already on shell, but can't acces directories with cd

  • Rooted, that was actually a pretty fun box. User was a bit more complicated than root.
    foothold: /
    user: if you find a pw try it, then do some curls
    root: GTFO

  • i dont know where everybody found vulnerable version, ran directory searching found si*** , mu***, and ar***** but none is using any technology

  • yea.. idk .. I've read every line of every file you can get to in the www dir... there is no creds to be found.

  • and rooted!

    Love this box, 99% user with a little initial foothold and a sharp root.

    HMU for help!

  • Im interested in the unintended way to get root that is mentioned in some of the comments. A PM is very much appreciated.

    GPLO

Sign In to comment.