OpenAdmin

@neoconfig said:

can anybody help me ? joanna but now I want to be root, where should I look? I have to keep enumerating? or do you have any script to scale privileges?

Find a good guide to Linux enumeration or priv esc. It will tell some things to check. One of these is a common way to issue commands as a priv user on Linux.

Then have a look what the account you have can do.

Find a way to gtfo of that into a root shell.

Type your comment> @XMA said:

Type your comment> @TazWake said:

(Quote)
But root first blood was taken in 11 minutes, there has to be a way regardless the resets

Root after user is pretty straightforward. I imagine 11 minute d00d saw something tasty in the initial recon after securing the foothold and hopped on it for the easy win.

Rooted :slight_smile: nice little box.

It was a nice distraction from FOREST for a little while. There are plenty of hints already all over this forum, so I won’t go repeat them. What I will say, is if you find yourself going around and around in circles then take a break. I made a couple of stupid mistakes in my syntax just because I was tired, and even though I was staring straight at them I didn’t see it.

Never mind “Don’t drink and Root” how about “Don’t HTB and not sleep”

Hi, i’ve got user1 but can’t find a way to user2… I’ve found i******l files but don’t know what to do, i’ve read previous posts that suggest curl but no idea how

Any help would be awesome!! I’ve been stuck for hours

Stuck on getting 2nd user I have j***y ssh creds. I am having an issue getting 2nd user. Can any throw me a nudge. I am not getting the curl hints since I am already within the box.

after the hard ones, this one was a gift from god. thx @dmw0ng for your time to create this one

Got Root.
Thanks for a refreshing easy box @dmw0ng

Figured that i was doing curls in the wrong spot.
DM’me for help

Please help with root i didn’t find anything even with n**o to escalate priv

Type your comment> @alajeb said:

Please help with root i didn’t find anything even with n**o to escalate priv

you are doing it wrong then. Slow down, read that bin and understand how it actually works. Also carefully read output of s***-l
I was stuck at the same place, got root when I studied and understood that GTFO instead of copy-pasting it

hey, Can’t run sudo -l as j***a don’t understand why it won’t work

Just rooted. Great box. Thanks to the creator.
The user was quite difficult to get, especially user 2.
My hint for this:
user 1 - do not waste time on long searches, use grep.
user2 - look for the right port.
Root: nothing to say, just GTFOBins

Without spoilers, is there a way someone can show me how to curl the m*.php file using j*'s creds? That’s where I am stuck at the moment. I was curling the http : / / servername / m*.php but it cannot find the url that way. I do have the path, but it doesnt work. I also tried spinning up a web server from within the in*l directory but that doesnt work either.

@walk said:

Without spoilers, is there a way someone can show me how to curl the m*.php file using j*'s creds? That’s where I am stuck at the moment. I was curling the http : / / servername / m*.php but it cannot find the url that way. I do have the path, but it doesnt work. I also tried spinning up a web server from within the in*l directory but that doesnt work either.

You need to find the correct server name and port.

@aladante said:

hey, Can’t run sudo -l as j***a don’t understand why it won’t work

If you are on a free box, its a 50:50 that someone has broken it somehow.

Have a look at the error message to see if gives you any clues.

@1337Cha0s said:

Stuck on getting 2nd user I have j***y ssh creds. I am having an issue getting 2nd user. Can any throw me a nudge. I am not getting the curl hints since I am already within the box.

Enumerate all the things which might group the two users together.

Type your comment> @TazWake said:

@walk said:

Without spoilers, is there a way someone can show me how to curl the m*.php file using j*'s creds? That’s where I am stuck at the moment. I was curling the http : / / servername / m*.php but it cannot find the url that way. I do have the path, but it doesnt work. I also tried spinning up a web server from within the in*l directory but that doesnt work either.

You need to find the correct server name and port.

This is if I am curling the server that I spin up myself? If so that’d be 8000. unless you mean the regular port 80?

@walk said:

This is if I am curling the server that I spin up myself? If so that’d be 8000. unless you mean the regular port 80?

This is unlikely to work. You need to access where the server is serving the data from. If you are serving it yourself it cant read the files it needs to read because it has your permissions.

Alguien para darme un empujón?
Any can helpme?

i have /**a/ path. but no have idea what make now. i see a RCE. but dont work.

@Niil78 said:

Alguien para darme un empujón?
Any can helpme?

i have /**a/ path. but no have idea what make now. i see a RCE. but dont work.

It will work, you just need to understand what it is doing and how to invoke it with the correct path to a target page.

This was my first box and I am stoked to say I finally rooted it!!
I have given my respect to everyone whose helped me out with little nudges along the way.
This is fun and exciting and can’t wait to take on more!