OpenAdmin


Comments

  • edited January 20

    @TazWake said:

    @w2connect said:

    Yes, j****y; but no user.txt ....

    You don't have the correct user.

    Read through the threads here for hints.

    Ok! Many thx! Got stuck searching for it!! :)

  • Finally rooted my second box. I had to rely on some hints posted here, this one was very educational!

    Best advice I could give about this box is to try and solve it when there aren't many players around. At times I saw like 10 people connected with around 20 to 30 terminals open, everyone running enumeration and other stuff... shit got really laggy, not to mention the resets were so annoying!!

  • Yes! Finally did my first active machine on HTB!
    Feel free to DM me if you need some hints!

    t0wb0at

  • Finally rooted.

    Foothold: Basic scan for services followed by another basic scan to find something that you can google. Flick around until you find something odd. Hardest part is setting the thing from google up to work.

    User1: Read files near landing site. You don't need more than ls, cat and cd to find what you need - but using other search tools might speed things up. You can scout out your next targets using the landing user as well.

    User2: Find the thing that connects User2 to User1, you may have spotted it in your initial scout for users. Look for that thing to find some interesting files, then find something that will tell you where they are served and call them for a useful output.

    Root: Too simple to say without spoilers. A single command should tell you exactly how you can escalate to root.

    Feel free to DM me for something a bit less vague.

  • Rooted! Fun machine, new things are always learned.

    Private message if you need help with "OpenAdmin".

  • rakrak
    edited January 21

    Stuck on root and need a nudge.

    Edit: silly mistake in reading output. Got root almost instantly after realizing my mistake. Was a fun experience for first machine on HTB. Thanks to @samdtyler and @TazWake for their assistance.

  • An easy machine to relax your mind and turn down the frustration levels. Just keep on enumerating and you will get the job done. Pm me for nudges, though I believe everything will already be there in the forum.

    3zCulprit

  • Rooted :) Thanks to @5c0073r for hints.

  • @TazWake said:

    @wsurfer said:

    I did it, also I did change location and same issue

    sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
    sudo: unable to initialize policy plugin

    Chances are, you are running it from an account not able to run it then.

    j******a user I am using.

  • Hey guys.

    I have found the users j**** and j******; and a password n***********! from a low priv shell. I have read many comments for hints but I am unsure as to where to go from here. I have been exploring and reading the files but can't seem to find anything else of use. Any nudges would be greatly appreciated.

  • edited January 21

    Spoiler Removed

  • Guys, can someone help me? I only get a shell as j***y, but at this point I didn't find anything. Any help, please?

  • edited January 21

    I'm stuck. I just cracked the hash for user j****a and got the result b********a, but I can't connect via s** - Permission denied. Any hints?

    edit: just got root, thanks for the tip CuriousJ

  • @m4r10m4chuc4 said:

    Guys, can someone help me? I only get a shell as j***y, but at this point I didn't find anything. Any help, please?

    Enumerate some more. See what this user has in his files and where those files might be used.

    Hack The Box

  • @vesuviuz said:

    I'm stuck. I just cracked the hash for user j****a and got the result b********a, but I can't connect via s** - Permission denied. Any hints?

    Pay attention to the command being used to ensure you are sending the credentials.

  • It was easy, and you can learn that it's great:

    Some hints:

    First terminal:
    Just look for versions, enumerate all that you can

    1 user:
    you don't have to find a user, just one part of the credentials, it's inside of o** directory.

    2 user:
    Enumerate a directory that could modify with your after user, and find something that could be useful to connect it (to get this tool, you need to use curl, it's not possible to check it from your browser), you have to crack something.

    root:
    Find the possible commands that you could execute with the last user.

    If you have more doubts, send me a message.

  • So first time trying any box and can't seem to get past initial foothold. I thought I had enumerated pretty well in and around the place i landed but can't seem to make any progress.

    A nudge in the right direction would be much appreciated.

  • If someone needs help. DM me

    t13nn3s

  • @vesuviuz said:

    I'm stuck. I just cracked the hash for user j****a and got the result b********a, but I can't connect via s** - Permission denied. Any hints?

    I'm going to assume that you typed that correctly - are you very, very sure that what you wrote there is the full and complete password? No letters missing or misplaced off of the end?

  • Looking for a nudge with the curl command - anyone?
    I have all the components of the command, just can't seem to get a response

  • @paulieh said:

    Looking for a nudge with the curl command - anyone?
    I have all the components of the command, just can't seem to get a response

    Check you are curling the right place.

  • I have the 5**** port, using both the hostname and the IP?

  • When you say "hostname" - hopefully, you are using the correct one.

    Is it as simple as zero response, i.e. you just get back to the prompt, or is there an error response?

  • edited January 22

    got user - onto root next

    edit : rooted

    respect to samdtyler and tazwake for the help

  • Get root, simpler than the user.

  • Not getting any data from the www-data exploit's curl (I have disabled the silent option and all 0), also getting 'connection timed out' from sshes of both j*** and J***... Servers are down?

  • Get root, it's not complicated, a little more complicated has been the user

  • @obarmatz said:

    Not getting any data from the www-data exploit's curl (I have disabled the silent option and all 0), also getting 'connection timed out' from sshes of both j*** and J***... Servers are down?

    Most people are in a different user account before the curl bit works. Given what you've put here, it's not clear where the problem might be and it looks like you've combined two different stages.

    Generally speaking:

    Initial Foothold - User 1: Enumerate, find info, use info
    User 1 - User 2: Enumerate, find info, get the info from the server.
    User 2 - Root: Enumerate, escape, rootshell.

    If you are trying to do User 1 to User 2 from the initial foothold, it might not work.

  • @TazWake I'm just trying to connect to the machine... I'm currently on user2->root but any type of connection to 10.10.10.171 doesn't work. I had already reset the box and status checked several times.
