Finally rooted my second box. I had to rely on some hints posted here, this one was very educational!
Best advice I could give about this box is to try and solve it when there isn’t many players around. At times I saw like 10 people connected with around 20 to 30 terminals open, everyone running enumeration and other stuff… ■■■■ got really laggy, not to mention the resets were so annoying!!
Foothold: Basic scan for services followed by another basic scan to find something that you can google. Flick around until you find something odd. Hardest part is setting the thing from google up to to work.
User1: Read files near landing site. You don’t need more than ls, cat and cd to find what you need - but using other search tools might speed things up. You can scout out your next targets using the landing user as well.
User2: Find the thing that connects User2 to User1, you may have spotted it in your initial scout for users. Look for that thing to find some interesting files, then find something that will tell you where they are served and call them for a useful output.
Root: Too simple to say without spoilers. A single command should tell you exactly how you can escalate to root.
Feel free to DM me for something a bit less vague.
Edit: silly mistake in reading output. Got root almost instantly after realizing my mistake. Was a fun experience for first machine on HTB. Thanks to @samdtyler and @TazWake for their assistance.
An easy machine to relax your mind and turn down the frustration levels. Just keep on enumerating and you will get the job done. Pm me for nudges, though I believe everything will already be there in the forum.
I have found the users j**** and j******; and a password n***********! from a low priv shell. I have read many comments for hints but I am unsure as to where to go from here. I have been exploring and reading the files but cant seem to find anything else of use. Any nudges would be greatly appreciated.
First terminal:
Just looking for a versions, enumerate all that you can
1 user:
you don have to find a user, just a one part of the credentials, it’s inside of o** directory.
2 user:
Enumerate a directory that could modify with your after user, and find something that could be useful to connect it (to get this tool, you need to use curl, it’s no possible check it from your browser), you have to crack something.
root:
Find a possibles commands that you could exect with the last user.
So first time trying any box and can’t seem to get past initial foothold. I thought I had enumerated pretty well in and around the place i landed but can’t seem to make any progress.
A nudge in the right direction would be much appreciated.
I’m stuck. I just cracked the hash for user j****a and got the result b******a, but I cant connect via s - Permission denied. Any hints?
I’m going to assume that you typed that correctly - are you very, very sure that what you wrote there is the full and complete password? No letters missing or misplaced off of the end?