Registry

stuck on bolt → w*****ta. Any hints appreciated.

Help!

I’m stuck on the last step and it’s so frustrating. I have a w**-*** * shell. I can’t figure out how I am supposed to use the r***** command :frowning:

still stuck at initial foodhold. played around with d***** and found a key, but john isn’t very talkactive today. anyone want to tell me what I’m doing wrong?

EDIT: Got User finally. thanks to very helpful people. the last stepp took me again wy too long, thanks to my stupidity. Should really learn to read output properly …

Great box. Not too hard but in no means easy. Learned a lot about new tools and services. I found user to be way harder than the actual root part. User involves many steps with multiple rabbitholes imho. Pm me if you need a nudge.

Hey guys, i stucked d****.r*******.h**/v*. I researched re******/*.0 version i got how is it working ( not too much) but couldnt find right path. i tried “_ca*****” but nothing. Can someone help me for what he next step is?

Edit: Got User1 for now

Hi there,

Currently i’m in the /b… d******** and i am trying to get a shell running via a file rename but i get a lot of errors when i’m doing this… 404 not found. Am i doing something wrong? Can somebody give me a nudge in the right direction?

Have a good rest everybody…

Awesome box, thanks @thek!

Learned about a few new tools, scripts and services :mrgreen:

Rooted with shell.

Dude, this box is wicked! Been meaning to learn a bit more about d*****, and this was a good lesson! Learned about some other things that I’ll be definitely using in the future.

Thanks @thek!

I have cracked the hash for ad**n and able to upload a web shell, but this keeps resetting and unable to get a reverse shell. Appreciate a nudge in the right direction.

Edited:

NVM, It was right in front of me and I just needed to try harder.

Rooted, reading the post I think I am more lazy that I thought xD I was so tired I didn’t even set up a r**t service, working as programmer I can’t live without exceptions but this time they helped me getting root saving some time. Anyway P.M. for help

Got really stuck for the login page.
##DAAAAAMN

root@bolt:~# id
uid=0(root) gid=0(root) groups=0(root)

Hack The Box

USER :
Enumeration web application with the documentation of the API
download file from browser and enumerate what you get
get creed enumerate again get a connection

Feel Free to PM :smile:

Type your comment> @TeRMaN said:

Hey guys, i stucked d****.r*******.h**/v*. I researched re******/*.0 version i got how is it working ( not too much) but couldnt find right path. i tried “_ca*****” but nothing. Can someone help me for what he next step is?

Edit: Got User1 for now

Edit: Rooted. Thank you all.

Hardest box I’ve done so far. Lots of research is necessary for this one >.<

User1 (easy): brush up on c********s
User2 (medium): I spent longer than I’d like to admit looking for login creds… oops. Once authenticated, the rest is google-able. Just be quick, have some tabs open.
Root (difficult): One thing to remember… as others have mentioned here, everything should be done on the the box. You’ll save a lot of potentially wasted time. Try testing locally first. Check out what permissions you have as user2. The rest is trial + error.

I immediately got to the b… user before getting an initial foothold, and found the user.txt. Seems like I need to get to some l… page to get a f… up… Any nudges on where to find this page where I need to enter something I found?

hi, I am working on the initial user, I got all the files downloaded, but can’t find the creds?

E: I think I got the hash but can’t find the a way to decrypt the hash, tried john and hashcat. any nudges?

Rooted!

Whew this was such a hard and interesting box. I certainly learned a lot! Well- Here come some hints… Bear with me because this is the first time I give out hints.

User1: A certain service on this box will allow you to look into the past, some say that it recorded the forging of the key to open the door!

User2: After a lot of enumeration on User1, you should have found some information that you can use, a certain cat we know may want to play with that - but your journey for User2 does not end here. You will need to be really quick if you want to access what is underneath.

Root: One User can do what the other cannot. When you find a certain file you will realize what it is that you are supposed to do. Tunnel vision is sometimes needed!

PM me if you need any nudges! Thanks @thek for this amazing box!

Finally rooted this one, took me a while to figure out how to get all the file permissions right.

Feel free to PM me for hints

I found the /sealed key/ in d***** i**** but cannot crack it with j***, though I ran the converter script. Any idea what might have gone wrong?

EDIT: tried on my host (win) machine, same result - nothing. What the ■■■■ is going on ?! :frowning:

EDIT v2: NVM, got it. VERY sneaky! I like it.