Traverxec

Nice little box, good for beginners.

Hmm, I got user, but also I have a word for this user from md5 hash. And I didn’t use it anywhere. Is it some kind of another way to get access or dead end?

Yes . That part is done. . I found user.txt but i don’t know what to do with it -.-’ I’m I missing something?

Type your comment> @kompotkot said:

Hmm, I got user, but also I have a word for this user from md5 hash. And I didn’t use it anywhere. Is it some kind of another way to get access or dead end?

You can use that word if you try to get user.txt through another channel.

The point is that I’m not even been able to crack the md5. I thought user.txt was the user flag

Type your comment> @waldemaro said:

The point is that I’m not even been able to crack the md5. I thought user.txt was the user flag

User.txt contains the user flag which you can validate on the web site. There is also another hash on the box, which has a different role.

Yes I know… the other one was cracked and used :slight_smile:

OK… I’m not dumb… I understood the problem: I was submitting user flag from this page:
Login :: Hack The Box :: Penetration Testing Labs and it simply doesn’t accept user flag from that page, i think. Furthermore I tought the flag was in ther format HTB{abc_123_xyz}

My second non retired box that I have rooted…I spent WAY too long trying to figure out the final part for root…keep it simple!

rooted.

User took a while, thanks PAUL007 and Nism0 for the user hints. I am still a n00b on this but if I can help, feel free to ping me :slight_smile:

My goodness! GTFO solution so simple but yet so beautiful!
Was cracking my head for few hr, and in the morning figured it out in 10min.

Thanks for forum activity for small hint :slight_smile:

Just got user- very funny box, thx. Now I’m curious for escalating to root. If somebody stucks, just pm me.

Wow. Finally got root. I got 99% of the way quickly and then banged my head on the monitor for several days. thanks @nikto and @sebiV for the assist!

Hey everyone… I’ve been at this box for awhile. I got the low priv shell and been digging around in config files for awhile now. Sorry… I could really use a push in the right direction. I was able to get a hashed that I was able to crack but it doesn’t seem to work anywhere… egh… fun box tho! I’ll be struggling with this for awhile so If anyone would like to drop a message to me please do. Much appreciated! Thanks!

@Varjack said:

Really struggling to get a shell on this box. Any help would be appreciated. I know where I need to go to get creds but without a stable shell I’m stumped. Thanks,

bro just use msf ,and do it correctly lhost:vpn ip

GM,
I’m struggling what to do with these user creds. Read the config and man pages. Thought I’d sorted what I need to do sent a S***AL but still not asked for creds. A nudge would be much appreciate.

EDIT:
I’m in… the hints in here are good. I read about the same service provided by Apache; which gave me a light-bulb moment.

Root.
I didn’t use the terminal size people are mentioning. I used a gimme GTFO that was available. I would love a PM on the other path to root if anyone has the time.

Hey guys,

Very interesting machine. For me as beginner, the foothold was quite nice and easy.
The user was fairly difficult to me. Root on the other hand was easier than the user.

I was able to root the machine via the j******l go exploit.
However, I was not able to find any usefull informations as to why and how that worked in the first place.

Is anybody willing to explain to me what is happening here? I would like to understand why this worked (or what is broken in the first place).

Best Regards
nyb1e

Rooted , finnaly :slight_smile:

I got www-**** but am unsure what to do next when I use ls I get a list of commands I think. not dir am I doing something wrong or is this norm?

scratch that, had to use a diff option to get what I was looking for

I minimize my terminal but its still $ hhhhhhh

nvm already root.
pm if need help.