OpenAdmin

@TazWake No matter what I do I can’t get John’s friend to help me talk to John. I have tried just copying and pasting what I found into various txts and id**sa.h*h format but his friend won’t accept it. Any tips for getting it into the correct format?

@TazWake never mind… I figured it out. Pays not to copy more than you need to…

Done! Special thanks to @TazWake and @stealth21

Really cool machine. Had fun with it.

Hello,
I’m stuck with j***y shell. Got his credentials, which worked fine on a magic port.
My user does not have the rights to use sudo…
Any hints to help me please?
Thanks a lot.

@hannibal813 don’t veer too far from where you are. Jimmy and his friend share some files; look into those files and you can gather some more data.

I’m a complete beginner, however I feel like this box should not be impossible for me.
I have found a webserver and with dir enumeration I found a couple of webpages and a webapp running on the server (ONA***N).

I’ve found 2 exploits for this app but I am having trouble applying them. Maybe I have gone down the wrong route here. Looking for any help/hints/tips!

great box, thanks @dmw0ng

foothold: my regular enumeration tools couldn’t find it. So keep clicking, keep looking… you’ll find an odd app that doesn’t ‘look’ like the rest of the more modern-looking sites. It has some well documented ways to break in… but you don’t have to go that route if you keep looking harder.

user: to get to the first, it’s a combination of the two sloppiest things an admin can ever do. The second was a little bit trickier but an excellent challenge nonetheless. The first protects a secret for the second, so look out for things the first owns. Read web server config files too to understand how to ‘get’ to that secret. There might be an alternate, more invasive way that I didn’t try but more than happy to discuss over PMs.

root: very fast and easy. If your enum foo is right, it will be right in front of you. GTFObins is a good resource for this one if you are more of a vim dude.

EDIT: also, I started working on this box last night (Sunday Jan 19) and I was super stuck, overthinking things. I gave up and worked on it this morning (Monday Jan 20) with a clear mind and got through it pretty quickly. In other words - don’t overthink - think of what a careless admin would do when looking for weaknesses.

Let me know if I can help in any way.

Rooted.

Hi,
Is the flag where it is supposed to be? I can’t find it in the user’s home directory.
Thx

@w2connect said:

Hi,
Is the flag where it is supposed to be? I can’t find it in the user’s home directory.
Thx

Do you have the correct user?

If you do, someone has broken the box, yet again.

@b44rt said:

I’ve found 2 exploits for this app but I am having trouble applying them. Maybe I have gone down the wrong route here. Looking for any help/hints/tips!

You are very much on the right path here.

The .sh one is (IMHO) easier to get working than the MSF one. YMMV.

Remember when you run it, you need to tell it where to go. And where you tell it to go has to be vulnerable.

@TazWake said:

@w2connect said:

Hi,
Is the flag where it is supposed to be? I can’t find it in the user’s home directory.
Thx

Do you have the correct user?

If you do, someone has broken the box, yet again.

Yes, j****y; but no user.txt …

@w2connect said:

Yes, j****y; but no user.txt …

You don’t have the correct user.

Read through the threads here for hints.

@TazWake said:

@w2connect said:

Yes, j****y; but no user.txt …

You don’t have the correct user.

Read through the threads here for hints.

Ok! Many thx! Got stuck searching for it!! :)

Finally rooted my second box. I had to rely on some hints posted here, this one was very educational!

Best advice I could give about this box is to try and solve it when there aren’t many players around. At times I saw like 10 people connected with around 20 to 30 terminals open, everyone running enumeration and other stuff… ■■■■ got really laggy, not to mention the resets were so annoying!!

Yes! Finally did my first active machine on HTB!
Feel free to DM me if you need some hints!

Finally rooted.

Foothold: Basic scan for services followed by another basic scan to find something that you can google. Flick around until you find something odd. Hardest part is setting the thing from google up to work.

User1: Read files near landing site. You don’t need more than ls, cat and cd to find what you need - but using other search tools might speed things up. You can scout out your next targets using the landing user as well.

User2: Find the thing that connects User2 to User1, you may have spotted it in your initial scout for users. Look for that thing to find some interesting files, then find something that will tell you where they are served and call them for a useful output.

Root: Too simple to say without spoilers. A single command should tell you exactly how you can escalate to root.

Feel free to DM me for something a bit less vague.

Rooted! Fun machine, new things are always learned.

Private message if you need help with “OpenAdmin”.

Stuck on root and need a nudge.

Edit: silly mistake in reading output. Got root almost instantly after realizing my mistake. Was a fun experience for first machine on HTB. Thanks to @samdtyler and @TazWake for their assistance.