Bashed

Spoiler Removed - Arrexel

I think I figured out what is going on… can someone who has gotten PM me so I can pitch my idea and see if it is correct?

Hello folks, it's my 2nd day here. I got the user flag, but I have no idea about priv escalation and no idea about reverse shells. Please help me out: what should be the next tool or method to get root?

got in after reverse shell, no tty, still not root… any hint guys…

I was able to get the root flag by modifying an exploit. Unfortunately I got root for only a short time. I modified the exploit to dump the contents. This is not giving me an actual elevated prompt. I have been digging around the system for almost three days, enumerating the system to death, and I feel like I have overlooked what I think should be simple.

I know this is not the correct method and would like to do it the right way. I am not here for the flags. I want the knowledge. Can anyone push me in the right direction? Reach me via PM.

Thanks for any help.

Look for something that doesn’t belong on a generic Linux distro. Basic forensic techniques can help find it fairly quickly (no need to image the drive or anything like that).

Spoiler Removed - Arrexel

So this is my first attempt at priv esc. I need some help, though, to understand if I am on the right path, as I feel I am going in the dark. I have created a reverse shell and used LinEnum to enumerate. I have seen a couple of things that may help.
If anyone who has solved it successfully would be kind enough to PM me so I can ensure that I am on the right path, I would be grateful.

@w31rd0 said:
So this is my first attempt at priv esc. I need some help, though, to understand if I am on the right path, as I feel I am going in the dark. I have created a reverse shell and used LinEnum to enumerate. I have seen a couple of things that may help.
If anyone who has solved it successfully would be kind enough to PM me so I can ensure that I am on the right path, I would be grateful.

Feel free to send me what you’re thinking, @w31rd0

Have reverse shell. Ran enumeration. There are some fishy results, but can’t seem to figure out how to exploit. Looking for a hint. PM please.

PM me if you want a hint :)

@ngup said:
Spoiler Removed - Arrexel

Sorry, I did not mean to reveal anything.

Spoiler Removed - Arrexel

@minhhungvn said:
Spoiler Removed - Arrexel

The GitHub repo is unrelated to the machine, although it does explain how to use it once you find it.

Hi. Brand new in HTB :) and for two days I have been dealing with Bashed. Very straightforward to get user.txt … after that: I got the reverse shell (interactive shell), I did su to another user … found a script … and after that, I’m going completely crazy trying to find the way to gain root. I’m not asking for help … yet … just thinking out loud (and sharing with you). On Sunday Bashed will be removed and I have to hurry up, but I’m very stuck right now. Greetings to all!

Finally I got the root.txt flag, without being root, playing with the scripts we all know. I don’t know exactly why getting the flag from there works. If someone could explain it to me via PM I would be very grateful, since my real flag is to learn.

Yes!! Now I’m root!!! … Sometimes the solution is more like a puzzle than a technical matter :) (lateral thinking)
but actually I still don’t understand WHY I could retrieve the flag without being root, as I shared in my previous post.

I’ve understood why, before gaining root, I was able to obtain root.txt … the reason is directly related to the way I gained root access later, but I wasn’t aware of that at that moment. Now everything is clear :)

Well, I’m new to this whole hacking thing and I’m having trouble getting a foothold in Poison. This is the first box I’m trying and I’ve gotten the encoded password, but I can’t figure out where to go from here. Feel free to PM me, as I know the answer will be “enumerate more”, but I can’t figure out how. Could someone please at least point me in the right direction?

on it as well