OpenAdmin

Type your comment> @up2nogood said:

Can anyone help with the gtbin… i can’t seem to get anything to work without jo* password

find the password then :smiley:

there are ways to get it from what you should already have

@sChr0D1NGer @Dark0 and @seke thanks for pointing me in the right direction. I totally derped and left something out.

Rooted this box last night , super curious on the unintended way to get root, if someone could drop me a line that would be awesome

I got jiy user access already, I found the curl in il. I’ve been using php reverse ***** to escalate jiy access to jo*a but the connection is bad and I keep disconnecting.

Can anyone please PM me a nudge to get jo***a’s passwd so I can use ssh instead. rckyou list + jhn + sha512 didnt work

Hello guys! I got access to j***y but I won’t know what to do next. I looked through the entire user’s home directory, but did not see anything useful. Give a hint please.

Type your comment> @wannabecyber said:

need some help… i have access with jy and i found the files in the i***l folder. If someone could give me a nudge on how to use curls to my advantage i would appreciate it. Thanks

I am stuck on the same please. Have you solved it? Is yes can you give me a push?

Type your comment> @iceroot said:

Type your comment> @wannabecyber said:

need some help… i have access with jy and i found the files in the i***l folder. If someone could give me a nudge on how to use curls to my advantage i would appreciate it. Thanks

I am stuck on the same please. Have you solved it? Is yes can you give me a push?

I’d say look at the entire path to the i******l is and what it’s usually associated with and means, then figure out how to interact with it via curls

Type your comment> @Reiahx01 said:

Type your comment> @iceroot said:

Type your comment> @wannabecyber said:

need some help… i have access with jy and i found the files in the i***l folder. If someone could give me a nudge on how to use curls to my advantage i would appreciate it. Thanks

I am stuck on the same please. Have you solved it? Is yes can you give me a push?

I’d say look at the entire path to the i******l is and what it’s usually associated with and means, then figure out how to interact with it via curls

Will try more stuff. Thanks :slight_smile:

Found the exploit script but nothing I do seems to get it to work. Any help would be greatly appreciated!

Can someone give me a nudge on how to find the thing to ask my friend to read to get user please.

Type your comment> @bato said:

Hi, I’m locked in www-data, some clue where to look please. Thank you

me too …

Rooted, I am a beginner, I locked myself at the beginning but I succeeded.

Type your comment> @dr0ctag0n said:

Type your comment> @up2nogood said:

Can anyone help with the gtbin… i can’t seem to get anything to work without jo* password

find the password then :smiley:

there are ways to get it from what you should already have

I’m also stuck there, can’t find the password

Type your comment> @t4felkre1de said:

Type your comment> @dr0ctag0n said:

Type your comment> @up2nogood said:

Can anyone help with the gtbin… i can’t seem to get anything to work without jo* password

find the password then :smiley:

there are ways to get it from what you should already have

I’m also stuck there, can’t find the password

there are tools to brute force it. it also gives a hint when you get the proper output. try creating a custom selective wordlist to brute force rather than huge ones.

Many people struggling i see, for a little respect i will nudge you further :slight_smile:

I have made initial foothold and got shell for www-data. Trying to get user1 & user2 flag, i found obfuscated code within another format file. Is that a rabbit hole? Any pm for help would be appreciated. Also, because I fairly new to HTB, is it normal for files to disappear on every reset? How reset is working? Is there any way to keep the files I have created in order to acquire the flags remaining?

Thanks for any help.
Sorry for TMI, first time posting here.

@dmw0ng

Thanks, I enjoyd this box :slight_smile:

OK so remember to not be stupid and typo your arguments for a certain program when you need to use it. That’s what tripped me up. I’m also pretty sure that I did it the right way but only time will tell once the machine’s retired.

I had a lot of fun with this box. Dry January depression is in full swing and I needed some kind of win/success today. I started working on this box at 235PM and finished it at 427PM, and I suck at this stuff. Yes, its a pretty easy box, but it reinforces all the skills and abilities you need to work on harder boxes. Very real world imo, because most sysadmins are this lazy and inept, haha.

Foothold: Enum the box, dirb wont tell you everything but its a COMMON starting place. Once you find the goodies, find the exploit with your good friend Mr G. The exploit code will need you to either edit it, or think about the argument youre feeding it. Understand the exploit before you use it.

Foothold > User1: Search through all the files you can with the current account and hunt for some creds. You should be able to stay within the VARious boundaries to find what youre looking for. Use the creds asymmetrically, while considering the aforementioned laziness/ineptitude of most sysadmins/webdevs.

User1 > User2: Look at whats running on the box. Think about the directory structure, and search through it. Youll find a nifty site that you might be able to get to from localhost, there are a few tools/methods for doing this. After succeeding, just remember that ROCKs are YOUr friend. (Took <4min to get what i needed on my slow af laptop)

User2> Root: Do you know what User2 can do? Are they SUperman? GTFO, or ill throw you in the trash BIN. (its literally the first one, if you know how to search right)

Hit me up if you need help (dont forget about the stars :stuck_out_tongue: ).

If this is too spoiler’tastic, lemme know and ill delete/edit it.

deleted