Registry

My first hard PC is down! Wooho!

root@bolt:~# wc -c root.txt; hostname
33 root.txt
bolt

Root was very cool!

Finally got the root flag (not shell) after several nights of scratching my head. Big thanks to both @ghostccamm and @dreamerscoffee for the nudges that got me over the hump! Not sure I would have gotten to the finish line without them! I’ll be trying to get the shell too in the next few days!

I need a little nudge. I have user but now I need to get to user2. I think I need to get to the app but it seems that I am missing something and I haven’t been able to figure it out.

Edit: I figured what I was missing for the app. It should’ve been the easy part. I now have a shell from user2. On my way to root.

Edit: Rooted!

@Malvik said:
I need a little nudge. I have user but now I need to get to user2. I think I need to get to the app but it seems that I am missing something and I haven’t been able to figure it out.

You don’t need to get the app, have a look around and see if you get a lightning idea.

This was the hardest one I cracked, I have some tips:
First you need to enumerate, pay attention to the SSL error for HTTPS.
I had to write my own tool to download the needed files, it’s available under my GitHub, you will find it related to the machine name there. It’s just a tool, don’t expect to have any spoiler there.

User 1: very easy when you have the right files, let John be your friend.
User 2: was a bit complex, you need to be fast or you will lose everything and will need to start from the beginning.
Root: stop walking around, go back to the place you first landed and you will find an interesting thing there, you will be able to get the flag file and maybe the shell.

Thanks @thek for the box.

I need a nudge pleaseee!! I’m in the last step for root. I already have a shell for w**-a and I know that I have root privilege with r** command. I’ve created a repository on my machine, set up a r*****-s***** instance also on my machine, and then executed the r***** command but I can not make it work… I read here that r*****-s***** is portable but I can’t figure out what it means… any help?

Edit: nvm… rooted! I needed a tunnel…

Stuck trying to get from b**t to w-d. Tried various ways of uploading bind/reverse shell through b**t c*s, but can’t find how to execute it. A nudge would be much appreciated :smile:

Edit: Rooted. Got the rce through the c*s, just needed to be quicker once the .**l was changed. Thanks @zfyra for the nudges!

stuck on bolt → w*****ta. Any hints appreciated.

Help!

I’m stuck on the last step and it’s so frustrating. I have a w**-*** * shell. I can’t figure out how I am supposed to use the r***** command :frowning:

Still stuck at initial foothold. Played around with d***** and found a key, but john isn’t very talkative today. Anyone want to tell me what I’m doing wrong?

EDIT: Got User finally. Thanks to very helpful people. The last step took me again way too long, thanks to my stupidity. Should really learn to read output properly …

Great box. Not too hard but by no means easy. Learned a lot about new tools and services. I found user to be way harder than the actual root part. User involves many steps with multiple rabbitholes imho. PM me if you need a nudge.

Hey guys, I’m stuck at d****.r*******.h**/v*. I researched the re******/*.0 version and I got how it works (not too much) but couldn’t find the right path. I tried “_ca*****” but nothing. Can someone help me with what the next step is?

Edit: Got User1 for now

Hi there,

Currently I’m in the /b… d******** and I am trying to get a shell running via a file rename but I get a lot of errors when I’m doing this… 404 not found. Am I doing something wrong? Can somebody give me a nudge in the right direction?

Have a good rest everybody…

Awesome box, thanks @thek!

Learned about a few new tools, scripts and services :mrgreen:

Rooted with shell.

Dude, this box is wicked! Been meaning to learn a bit more about d*****, and this was a good lesson! Learned about some other things that I’ll be definitely using in the future.

Thanks @thek!

I have cracked the hash for ad**n and am able to upload a web shell, but this keeps resetting and I am unable to get a reverse shell. Appreciate a nudge in the right direction.

Edited:

NVM, It was right in front of me and I just needed to try harder.

Rooted, reading the post I think I am more lazy than I thought xD I was so tired I didn’t even set up a r**t service, working as a programmer I can’t live without exceptions but this time they helped me get root, saving some time. Anyway, PM for help.

Got really stuck for the login page.
DAAAAAMN

root@bolt:~# id
uid=0(root) gid=0(root) groups=0(root)


USER :
Enumerate the web application with the documentation of the API
download file from browser and enumerate what you get
get creds, enumerate again, get a connection

Feel Free to PM :smile: