Traceback

145791030

Comments

  • @sparkla yes root flag will unzip the write-ups

    th3jiv3r

  • And rooted.
    Took my time with this one and made sure I was comfortable with everything I was doing and why.
    Interesting beat the clock moment to get root.
    I'm pretty sure I did it different to most people.

    As always PM if you want a nudge

  • @thescriptkiddy where do you look for scripts? and PoC exploits, tools... go there and you will know what too look for.

    Hack The Box

  • Any hints on how to determine which script to use/how exactly to use them. I apologize, I am a bit of a beginner. Thanks!

  • sometimes the only right way is the long way - try em all

  • We have redistributed the machine with small changes to avoid people deleting crucial files.

  • edited March 2020
    Haaa.. I was just in a middle of something... Noticed some changes now, hope the box would be more stable

    Hack The Box

  • Spoiler Removed

  • edited March 2020

    Type your comment> @ratcanska said:

    Guys, there is no anymore file *SPOILER.!!

    Lol, i had the same feeling, look around, it's been moved to his colleague folder...

    Finally got flag without root shell, i was struggling to get my listener respond...

    Hack The Box

  • STOP RESET THE BOX! each 30 second the box is resetted, please ! come on !
    i cant neither type some command ! when you hack leave your trace and dont mess the machine!

  • WHY THE F*** ARE YOU DELETING FILES

    Hack The Box

  • This is ridiculous. Bans should be implemented for people who are interfering and deleting files/moving files. I'm going to wait to try and get root until this becomes more stable.

  • can someone give me a nudge on what to do after getting shell... i tried ssh but it didnt work id_**a is not there... ik there is a hint in n***.txt but i cant crack it... some help would be appriciated

    Hack The Box

  • i've found the webshells. How do I use it to connect to the backdoor?

  • Would anyone mind helping out with the last step for root? Just need a little nudge.

  • Type your comment> @onikage04 said:

    i've found the webshells. How do I use it to connect to the backdoor?

    do fuzzing

  • No fuzzing really required for this box

    Hack The Box

  • edited March 2020

    Type your comment> @cyberafro said:

    No fuzzing really required for this box

    so how can I connect those webshell? I've git cloned all those php files....now?!
    Sometimes with gobuster I find files on the webserver, than the connection drops and all is gone..

    Now I'm starting dirsearch..

  • You already have what you need if you find the webshell, just type the full url

    Hack The Box

  • Hello friends -

    First time posting here. Very new at this.

    I'm running into "Invalid format" error when I tried to ssh in with certain given "authorized_keys". I do see the message of "I guess things can be configured better" but I'm pretty lost as for what to do. Any hint will be much appreciated!

  • Very interesting machine and was very enjoyable.

    User Hint: Think of the basics and use OSINT to gain information to get a foothold.

    Root Hint: Remember your enumeration when you get an initial hook in a machine.

    Feel free to DM me for any bumps this is my first time posting on the forums so I would really like to help out if you need it :smiley: cheers

  • Awesome machine! :) thx

    GotRoot

  • and someone had the brilliant idea of deleting files. I get back to this box after getting the user flag two days ago (yes i'm taking my time) and get to see people are accessing this and deleting file s forcing others to reset it.

    I've seen this message being repeated too many times by people engaged here but I guess some of it needs to be constantly repeated: most HTB boxes do not require any BRUTEFORCING, anything you do like deleting files affects other people's experience here. PLEASE be mindful and considerate with others, just like we ALL need to be while dealing with the Coronavirus (separate issue).

    Hack The Box
    CISSP | eJPT

  • Type your comment> @cyberafro said:

    Type your comment> @ratcanska said:

    Guys, there is no anymore file *SPOILER.!!

    Lol, i had the same feeling, look around, it's been moved to his colleague folder...

    Finally got flag without root shell, i was struggling to get my listener respond...

    My listener keeps hanging.

  • first time posting a comment here.
    really fun and unique machine, enjoyed everything apart from the fact that it is unresponsive at times due to people bruteforcing.
    here are some of my hints.

    FOOTHOLD: google the hint given by the box creator and try everything you have found.

    USER: enumerate, read the files, know your powers and what they can do.

    ROOT: pspy and find something writable...

    have fun!

  • edited March 2020

    Are there files missing from the box that need to be there?

  • Thanks @Xh4H for the really fun box!

  • why must people constantly reset the box? Nothing is missing, I can assure you. How about you test your stuff locally before assuming the box is incorrect?

  • Be patient Guys !
    This is just an easy machine, so Resetting and deleting files is expected by script kiddies !
    There is a lot of traffic in this box, stay calm and be patient :)

    Anyway all hints are available
    User: How to assign a permission to someone in Linux, Someone is already assigned !
    Root: Catch the automation and inject in certain time !

  • edited March 2020

    Rooted.
    Easy user, hard root (for me, anyway).

    All tips posted on forum already are definitely enough, seriously just had to try harder to get it in the end.

    Hack The Box

Sign In to comment.