OpenAdmin

1101113151664

Comments

  • Anyone want to help me with script.sh ? It always displays $ sign ? i am doing something wrong ?

  • Type your comment> @khalid said:

    Hello guys
    now i managed to get the second user, and i'm trying to get root
    when i try to run SU** -* command it gives me this error:
    ****: PERM_ROOT: setresuid(0 , -1 , -1): Operation not permitted
    ****: unable to initialize policy plugin
    , any idea?
    please help

    Same Here, can some one give a nudge on root user.

    RaNa

  • Type your comment> @fooforce said:
    > Anyone want to help me with script.sh ? It always displays $ sign ? i am doing something wrong ?

    If the script does not work try running the commands line by line in a terminal.

    Don’t be fooled by the $ sign though. Its not a Shell you get when it works, more of a remote command execution.

  • Hey guys, I am pretty stuck atm. I get a user2-shell by putting something somewhere and calling it. But it's unprivileged and no way to alter it. So the interesting commands don't work. I tried many payloads i know and from msfv.

    Ohter's point towards the thing you get from somewhere, which I processed the usual way but it keeps asking for another password. Afaik that means it didn't really work.

    Can you give me a hint?

    Hack The Box

  • edited January 8

    Rooted! Very good box. I have learned a lot. The hints here more than enough for you to solve. However, you have to feel pain along the way it is best way for learning. :)

  • Type your comment> @RaNa said:
    > Type your comment> @khalid said:
    >
    > (Quote)
    > Same Here, can some one give a nudge on root user.

    Which user are you running as?

  • Been stuck for the past few hours on getting the second user. So I am currently in j**** trying to get access to j*****a. Found the interesting thing in the i******l folder w/ the i**.p files. I think I understand what those files are supposed to be doing but I do not understand how to make use of them. Found the password in one but haven't made any progress since then.

  • Type your comment> @3ken45 said:

    Type your comment> @RaNa said:

    Type your comment> @khalid said:

    (Quote)
    Same Here, can some one give a nudge on root user.

    Which user are you running as?

    j****a

    RaNa

  • Type your comment> @RaNa said:
    > Type your comment> @3ken45 said:
    >
    > (Quote)
    > j****a

    Then you are on the right user, and it should work...

    Try resetting the machine. Also check the uid of the users in passwd to ensure no one tampered with that file.

  • Rooted! Definitely helps if you don't stay in a reverse shell for user2. Thanks @IvanGlinkin for the hint!

  • Type your comment> @Nebr0s said:

    Hey guys, I am pretty stuck atm. I get a user2-shell by putting something somewhere and calling it. But it's unprivileged and no way to alter it. So the interesting commands don't work. I tried many payloads i know and from msfv.

    Ohter's point towards the thing you get from somewhere, which I processed the usual way but it keeps asking for another password. Afaik that means it didn't really work.

    Can you give me a hint?

    I kind of answered that question myself ;)

    Thanks for the box!

    Hack The Box

  • Rooted.
    Foothold definitely takes more than the rest, but once you get in everything is very straightforward.
    as a side note: much of the difficulties I encountered were due to the stains of sticky fingers left here and there by others..
    Please, remove your own artifacts from the boxes once you're done, and avoid messing up the actual files, thanks!

    echo start dumb.bat > dumb.bat && dumb.bat
    doh!

  • edited January 9

    Need help with the curl part currently stuck with i**l as j*y.

    Disregard I figured it out. :p

  • @Cyb3rS41n7 said:

    Need help with the curl part currently stuck with i**l as j*y.

    Disregard I figured it out. :p

    I'm stuck there too any tips?

  • Type your comment> @magrene said:

    @Cyb3rS41n7 said:

    Need help with the curl part currently stuck with i**l as j*y.

    Disregard I figured it out. :p

    I'm stuck there too any tips?

    PM sent

  • edited January 9

    I have a shell as the first user and found the i******l dir as well as what I should be doing. But I'm having trouble with the body of the POST request. Should I be looking to crack the str in the file? Had no luck with rock. :/

    any tips/nudges; am I on the right track?

    EDIT: I'm a big dumb. Rooted! Let me know if you need any help :)

    zweeden

  • Can someone PM me, I am at the very end as J****a and at GTFO i know what to use to get the interactive shell. I run it but still says i am J****a and no root permissions. Can someone who completed it double check for me? just need to see if im doing everything right or missing something. Thank you.

  • edited January 9

    deleted

    LMAY75
    Always happy to help, DM me if you need anything!

  • Type your comment> @tony201 said:

    Can someone PM me, I am at the very end as J****a and at GTFO i know what to use to get the interactive shell. I run it but still says i am J****a and no root permissions. Can someone who completed it double check for me? just need to see if im doing everything right or missing something. Thank you.

    @tony201 pm me if you still need.

    IamKsNoob

  • edited January 9

    Type your comment> @LMAY75 said:

    Who can help with using john... don't think ive actually ever used it before lol

    google

    I have j***a pass but every time i try to use it i have wrong pass, is it b*********a really?
    i got the user flag, but i cant have user 2 shell, i'm trying to get root without user2

  • Why would anyone change the permissions of i*******l folder? I swear yesterday I had access, but now r is not there.
  • edited January 9

    Rooted!
    What a fun box! Some spots were tricky for me as a new person, others where not too bad!

    Initial:
    Do your enumeration. Something should stick out. Google is your friend. Once you find what you need, read it carefully and understand how it works. It isn't a simple point and click. What is the program asking for?
    User1:
    Got a shell but it kind of sucks? As long as it navigates and can read things, it's all you'll need. Look around where you are and start reading files. You should eventually find something interesting. Users are lazy after all.
    User2:
    Did you find something interesting in that sucky shell that you couldn't read? Maybe have another look. Start asking questions and figuring things out. some forward thinking is helpful here.
    Root:
    Do the usual stuff when privilege escalating. Something should stick out. Now would be a good time to GTFO ;)

    Hopefully that helps my fellow strugglers and isn't too spoilery.

  • Thank you so much @emmycat and @1xWiZARD you guys were extremely helpful and I learned a whole bunch of new things today. Definitely an enjoyable learning experience.

  • edited January 9

    I still not found how to use the downloaded exploits (4****.rb , 4****.sh) to get access to the server . Anyone please give me a nudge.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • edited January 9

    Type your comment> @gunroot said:

    I still not found how to use the downloaded exploits (4****.rb , 4****.sh) to get access to the server . Anyone please give me a nudge.

    i used the sh exploit, i edited it to work, just simple things, basick knowledge of shell script

  • Type your comment> @41fr3d0 said:

    i used the sh exploit, i edited it to work, just simple things, basick knowledge of shell script

    Yes bro. Finally got a low level shell. Any hints for user1 will be appreciated.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • KGGKGG
    edited January 9

    Any one to help with j****a I cant seem to get in even with doing all the johnny turns. Please. Cancel this got it.

  • Anyone able to help pls? Stuck on j*y. Looked in i******l and found i*****.p. Saw something interesting in there but my buddy john wasn't working today. Any help on where to go from here? Thanks in advance!

  • edited January 9

    Okay my problem was lack of linux knowledge and the execution of sudo commands. ^^ I am gonna work on some more to get root.

    Edit: Got it.

    enpassant

  • edited January 10

    I lack of linux knowledge, I don't know how to LPE to get root.

    EDIT: rooted

Sign In to comment.