got in after reverse shell, no tty, still not root… any hint guys…
I was able to get the root flag by modifying an exploit. Unfortunately I got root for only a short time. I modified the exploit to dump the contents. This is not giving me an actual elevated prompt. I have been digging around the system for almost three days. Enumerating the system to death and I feel like I have looked over, what i think should be simple.
I know this is not the correct method and would like to do it the right way. I am not here for the flags. I want the knowledge. Can anyone push me in the right direction? Reach me via PM.
Thanks for any help.
Look for something that doesn’t belong on a generic linux distro. Basic forensic techniques can help find it fairly quickly (no need to image the drive or anything like that)
Spoiler Removed - Arrexel
So this is my first attempt to priv esc. Need some help though to understand if i am on the right path as i feel am i going in the dark. Have created reverse shell and used LinEnum to enumerate. Seen a couple of things that may help.
If anyone that has solved it successfully is kind to PM so i can ensure that i am on the right path, i would be grateful.
@w31rd0 said:
So this is my first attempt to priv esc. Need some help though to understand if i am on the right path as i feel am i going in the dark. Have created reverse shell and used LinEnum to enumerate. Seen a couple of things that may help.
If anyone that has solved it successfully is kind to PM so i can ensure that i am on the right path, i would be grateful.
Feel free to send me what you’re thinking, @w31rd0
Have reverse shell. Ran enumeration. There are some fishy results, but can’t seem to figure out how to exploit. Looking for a hint. PM please.
PM me if you want a hint
Spoiler Removed - Arrexel
@minhhungvn said:
Spoiler Removed - Arrexel
The github repo is unrelated to the machine, although it does explain how to use it once you find it
Hi. Brand new in HTB and for two days handlling with bashed. Very straightforward to get user.txt /… after that: I got the reverse shell (interactive shell) I did su to an other user … found a script… and after that, I’m getting completely crazy trying to finde the way to gain root. I’m not asking for help… yet … just thinking loudly (and sharing with you). On Sunday Bashed will be removed and I have to hurry up, but I’m very stuck right now. Greetings to all!
Finally I got the root.txt flag, without being root, playing with the scripts we all know. I don’t know exactly why it works getting the flag from there. I some could explain me via PM I would be very gratefull, since my real flag y to learn
Yes!! now I’m root !!! … Sometimes the solution is more like a puzzle than a technical matter (lateral thinking)
but actually I still don’t understand WHY could I retrieve the flag without being root, as I shared in my previous post
I’ve understood why before gaining root I was able to obtain root.txt … the reason is directly related with the way I gained root access later, but wasn’t aware of that at that moment. Now everything is clear
well im new to this whole hacking thing and im having trouble getting a foothold in poison. This is the first box im trying and ive gotten the encoded password, but I cant figure out where to go from here. Feel free to PM me as I know the answer will be “enumerate more”, but I can’t figure out how. Could someone please at least point me in the right direction?
on it as well
I don’t know if what I’m gonna say could be consider spoiler or just a hint, but… since bashed is gonna be disabled soon, let me say you the following
The difficulty here is more a matter of close view than techical (of course one must to have some basic skills) . So the hint is: “Try to figure out why some strange things could be happening” Enjoy!
once you enumerate and discover the way the flag you want is -u some googling back when I did this box had me stumble upon that option with the command and all was well.
Many thanks Kinjo!!! Was blind but now I see…!!!