Traverxec

1262729313245

Comments

  • Rooted!
    This is my first box and i can say it was sooo cool!
    User is way more difficult than root. So don't stop if you feel down, you will get to it.
    Feel free to pm me.
    And big thanks to @Tellico and @Hilbert for helping me out.

    Always ready to help... Pls consider giving respect on my profile if i help you.
    Most important, have fun and JUST ROOT IT !!!
    https://www.hackthebox.eu/home/users/profile/186611
    SamTheSapien

  • @theonemcp said:
    Still working on accessing the private-space. finally found a dirname that works. but I can't access it with the creds I got from the hp***d file. bit stuck here. Any tips for me? Thanks

    Go back to the n*****.f file and look for dir that maybe interesting. Go back to dd usr and dig more.

  • edited January 7
    So I’ve been able to get user but I’m a little lost as to where to go with the script. I understand that j********* is related to l*** but unsure how to capitalize on that. If you have some useful hints PM me.

    Edit: Nevermind. I finally got it. New to linux so the command to abuse the commands from the script was the key. TIL
  • Any hints on user? I've read the config file and the manual over and over, tried all sorts of enumeration/paths, found the "private space", but can't get to any point where I use credentials or any other hidden directories. All the comments make it look simple but I'm banging my head against a wall here.

  • Type your comment> @ssklash said:

    Any hints on user? I've read the config file and the manual over and over, tried all sorts of enumeration/paths, found the "private space", but can't get to any point where I use credentials or any other hidden directories. All the comments make it look simple but I'm banging my head against a wall here.

    Try looking around in user's home. Web is not the only way to access it...
    PS: config might be helpfull

    Nism0

  • Oh my god. I got user pretty fast on this one, but I banged my head on root for about 3 hours straight with no luck. Went to bed, woke up, and literally in 5 minutes got root. In my case, less is NOT more...I used neither and for root, none of the tips here were helpful for me. I knew what everyone was saying, but I couldn't make it work, so I did it my way.

  • edited January 7

    Stuck on user for a while now. Can someone PM me some hints? Got shell as w*******. Looked at the n*****.conf and still can't make much headway.

    update:
    got user flag. now on to root!!

  • Ok, got root, but a bit unsure why it didn't work today's morning, and is working now. I'l apprecieate if anyone could explain it in details on PM.

    PM for nudges.

    PS: This box is awsome! This is my second box and I really loved it! Linux is amazing ;)

    Nism0

  • This is my first ever box, I managed to get the user but i have no idea how to get root. I know i need to do something with the *.sh i checked gtfo***s but i cannot get root at all. I'm think i'm doing it correctly but tried so many times and it hasn't work. Any nudges would be great. I've looked at using l*** and jo******* so any help would be great

  • Can someone give me a nudge to get root. At this point any hint will help .

    Slxyre

  • I turned off the PC, walked around for a while and came back. After looking for a few minutes I couldn't believe how I hadn't seen the solution for the first user. Rooted.

  • Type your comment> @Slxyre said:

    Can someone give me a nudge to get root. At this point any hint will help .

    GTFObins is your best friend.

  • Rooted (..finally). Initial foothold is easy. User took a while, read the conf over and over but didn't see the path I had to follow....until I finally did. After that it was easy. Root gave me a headache, the nudges in the forum posts lead me to the right file to cat. After that I was a bit misdirected by the mentions of less. Once I had it almost couldn't believe how simple it is. All in all, learned a fair bit about linux and permissions
  • Finally got USER for my very first box :) Learned a lot. But somethings took way too much time. but I love the box so far. now the hunt for root starts ...

    Hack The Box

  • edited January 8

    Can anyone help me with user over PM?

    Edit:
    got help from @Nism0 and @menri005 , ty!

  • Hi everyone, I am quite new to system hacking and have been strugly with root since more than 2 days now - until I read the man to the j********l really carefully and understood the small window hint (mentioned several times already).
    Thanks everyone for the great hints and support, as well for newcomers like me!

  • Stuck on getting root. I found the s*****-s.h file and the hint at G***Bs site. also tried the terminal size thing to cut only to the needed parts. also found the hint in j********l manual. but I don't get it to work. Any tips for me?

    Hack The Box

  • So good machine! Leaned a lot.
    PM if you need a nudge, but tell me first your progress and what have you done.

  • @theonemcp you are very close. Try to think how custom nostromo scripts works. Play with it more.

  • Rooted! PM for hints and nudges

  • Good machine, the biggest hint is probably the name of the machine.

    m3ll0

    OSCP

  • Stuck on trying to get root. I know of GBins and the S*****-****s but I'm still lost on on all of this. I know I'm close, I've even tried going through man pages of J--------------l and so forth... Can someone pass a nudge via pm please?

    Available to help when I can and know how to help. However do not expect responses right away on these days. Sunday - Wednesday between 7am-8pm EST (USA, Orlando, Fl) as I work those days from 7a-7p and then the ride home. Just a forewarning is all :) Other than that I'll answer ASAP, or when I get home from work.

    CompTIA A+ | Network+ | Security+ | PenTest+ (In Progress) | C|EH (in Progress)
  • ROOTED my very first maschine. :) Fiddeling around with the commands was fun and unnerving at the same time. I'm a linux noob so I have to learn everthing from scratch ...

    Hack The Box

  • ROOTED first Linux/Webserver machine! Woo!!! Thank you to everyone that helped. @jkr for a good machine to learn on and for help here and there! @masquerad3r for your help as well as @vsamiamv for all your help!

    Available to help when I can and know how to help. However do not expect responses right away on these days. Sunday - Wednesday between 7am-8pm EST (USA, Orlando, Fl) as I work those days from 7a-7p and then the ride home. Just a forewarning is all :) Other than that I'll answer ASAP, or when I get home from work.

    CompTIA A+ | Network+ | Security+ | PenTest+ (In Progress) | C|EH (in Progress)
  • Hi All,
    I got the conf, and got hide directory ~d****, but i stuck to next step,
    can someone give me the hint ?

  • Type your comment> @sombrer01337 said:
    > Hi All,
    > I got the conf, and got hide directory ~d****, but i stuck to next step,
    > can someone give me the hint ?

    Dig deeper where you are and read the config again, to the bottom line...

    Nism0

  • edited January 14

    So been a bit stuck for a couple of days on the edge of getting user. I have the hidden files in ~david/.... I have copied them over, but stuck getting connection to work with what I for from those hidden files. A nudge would be great. Anyone can PM if I need to give more details about where I am stuck. Thanks!

    UPDATE: I got user. Now working on root. I have the s*****-****s.sh file. Working to find the vulnerability. >.>

  • Rooted.
    Getting root access was definitely way easier than getting user.

    enpassant

  • edited January 10

    rooted!

    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    

    user was a bit tricky there is a rabbit hole you don't need any creds! For root search some juicy things after got user don't look so far away and then GTFO :)

  • edited January 10

    finally got it, many thanks to @SamTheSapien and @haxcity,

    for user: dont need to use www
    for root: i didnt need to resize anything or use l*** , the b** in the *.sh was enough. GTFO helped. play with the command

Sign In to comment.