Bashed

I was able to get the root flag by modifying an exploit. Unfortunately I got root for only a short time. I modified the exploit to dump the contents. This is not giving me an actual elevated prompt. I have been digging around the system for almost three days. Enumerating the system to death and I feel like I have looked over, what i think should be simple.

I know this is not the correct method and would like to do it the right way. I am not here for the flags. I want the knowledge. Can anyone push me in the right direction? Reach me via PM.

Thanks for any help.

Look for something that doesn’t belong on a generic linux distro. Basic forensic techniques can help find it fairly quickly (no need to image the drive or anything like that)

Spoiler Removed - Arrexel

So this is my first attempt to priv esc. Need some help though to understand if i am on the right path as i feel am i going in the dark. Have created reverse shell and used LinEnum to enumerate. Seen a couple of things that may help.
If anyone that has solved it successfully is kind to PM so i can ensure that i am on the right path, i would be grateful.

@w31rd0 said:
So this is my first attempt to priv esc. Need some help though to understand if i am on the right path as i feel am i going in the dark. Have created reverse shell and used LinEnum to enumerate. Seen a couple of things that may help.
If anyone that has solved it successfully is kind to PM so i can ensure that i am on the right path, i would be grateful.

Feel free to send me what you’re thinking, @w31rd0

Have reverse shell. Ran enumeration. There are some fishy results, but can’t seem to figure out how to exploit. Looking for a hint. PM please.

PM me if you want a hint :slight_smile:

@ngup said:
Spoiler Removed - Arrexel

sorry i did not mean to reveal anything

Spoiler Removed - Arrexel

@minhhungvn said:
Spoiler Removed - Arrexel

The github repo is unrelated to the machine, although it does explain how to use it once you find it

Hi. Brand new in HTB :slight_smile: and for two days handlling with bashed. Very straightforward to get user.txt /… after that: I got the reverse shell (interactive shell) I did su to an other user … found a script… and after that, I’m getting completely crazy trying to finde the way to gain root. I’m not asking for help… yet … just thinking loudly (and sharing with you). On Sunday Bashed will be removed and I have to hurry up, but I’m very stuck right now. Greetings to all!

Finally I got the root.txt flag, without being root, playing with the scripts we all know. I don’t know exactly why it works getting the flag from there. I some could explain me via PM I would be very gratefull, since my real flag y to learn

Yes!! now I’m root !!! … Sometimes the solution is more like a puzzle than a technical matter :slight_smile: (lateral thinking)
but actually I still don’t understand WHY could I retrieve the flag without being root, as I shared in my previous post

I’ve understood why before gaining root I was able to obtain root.txt … the reason is directly related with the way I gained root access later, but wasn’t aware of that at that moment. Now everything is clear :slight_smile:

well im new to this whole hacking thing and im having trouble getting a foothold in poison. This is the first box im trying and ive gotten the encoded password, but I cant figure out where to go from here. Feel free to PM me as I know the answer will be “enumerate more”, but I can’t figure out how. Could someone please at least point me in the right direction?

on it as well

I don’t know if what I’m gonna say could be consider spoiler or just a hint, but… since bashed is gonna be disabled soon, let me say you the following
The difficulty here is more a matter of close view than techical (of course one must to have some basic skills) . So the hint is: “Try to figure out why some strange things could be happening” :smiley: Enjoy!

once you enumerate and discover the way the flag you want is -u :slight_smile: some googling back when I did this box had me stumble upon that option with the command and all was well.

Many thanks Kinjo!!! Was blind but now I see…!!!

Hi everybody, I would like a little push on PM. I think I am quite close, but since I am new to the privilege esc I am stuck. Would be nice to tell someone what I have done till now and how to proceed.
Cheers!