Looking for a very very small nudge on user I have creds, I know about ~**** with n***** server. I feel like I'm missing something simple. Please PM me.
Just read the conf file carefully.
you will get what you want
Can anyone shoot me a tip on how to get from inital foothold to user flag? i used MSFConsole and a py script to exploit a 0 day. have access each way but no permissons to do much. trying to comb though conf files and such. i feel like i am very close.
dont know much about GTFO
you dont need GTFO for initial steps.
You should just explore the directories
you might find something
Finally rooted ! Second box after postman. The really hard part was getting user (took me a few days). Then the root part is really easier than you think. All the hints on this forum are more than enough (kinda regret reading it tbh).
I've used the exploit with a .py script (it seems I'm not that good with MSF, I'll need to work on that.) .
I've found the hash in the location described in the conf file and got the N.....e pwd.
I also know about the existence of the ~...... page which block my entrance.
With effort I'm trying to find maybe folders/files underneath this folder but I feel like I'm on the wrong track.
No clue for root, but that will be for later on.
please help me!
~ p.s. I've read through all the 41 pages and I'm just not seeing what I think I'm supposed to see in the conf/man ~
Hi all.
I know i'm the n-th to ask, but:
i've used the exploit that drive to /usr/bin as www-data, but i'm stuck here.
Anyone willing to pm me?
Thanks in advance.
After a lot of hours...finally rooted. And I didn't need to "resize" my terminal but at first I didn't understad why that command worked. After with root privileges, checked the s*****s file tells more, why.
It was a very fun box with easy and not-so-easy steps, especially the user part.
First: As always....
User: Exploit, then you should find some config files, which can give you hint for the next step. After you found the proper folder, you should download a necessary file from that. With some cracking tool you can figure out the credential and can use it for log in.
Root: Everything will be "in your room". Check those and you can find files which can help, how can move forward. And don't forget the GTFObins
many thanks to eviltor13 and bytem3 fol helping in root!
foothold: google is your friend
user: enumerate the box maybe you might find something that your not supose to find?
root : check out the trash maybe you might find something there and also google is friend in this one ... refer o the one above me if your confuse!
Rooted this a while ago, finished writing the report for it.
My hints for all:
User: Google, use what's in front of you. Then, RTFM. Can't stress this enough, it will be confusing but eventually you'll get it.
Root: Standard stuff, everything is in your room. Read it, search it, understand it. Take it over.
Feel free to message me if you want any hints or nudges!
If I helped you out at all, feel free to click my badge and give +1 respect!
rooted, root was much easier than user albeit rather strange.
User Hint : Look for app specific exploits to get a foothold. Once you have a limited shell, look at the application config files to see where sensitive info may be hidden. Focus on alternatives to passwords.
Root Hint : Look at the files within the homedir of the user and look at the context under which the commands are being run. Play about with it and terminal size matters.
Thanks to the creator of the box as had alot of fun with this one.
Fun one. In retrospect user was more of a pain than root. Root is right there and you know it's right there, just getting it to work right is a bit of a pain. User I'd be lost without the forums.
Finally ROOTED !
It's my second box and that wasn't easy for me, but I'm getting used to it
foothold: do your recon and search for CVEs and exploit it
user: read the conf and the manual carefully you should figure out something to get access to user's dir, If you got it and still stuck maybe you can read the CVE source code too, it helped me to identify what I missed
root: GTFO bin and resizing are the key
hope that's not spoiling, actually most of it are what I got from this discussion
feel free to PM if you got stuck
This is my first box . I got stuck with user. I got the password by cracking the hash i got from h*****d. I am confused where to use it and to proceed further
rooted.
if you are having trouble with root - remember to first resize, only then call the relevant portion of the command from that .sh script to force that j*****l to start with LESS (super hint - no need for pipes), only then GTFO... I've wasted 1 hour just to understand it but now it's all clear...
feel free to pm if needed
All hints are already given. Just a request, please do not add custom scripts on /home directories. Use /tmp/ or /dev/shm/ directories and change existing scripts or files.
Enumerate everything that is in front of you.
This is my first box . I got stuck with user. I got the password by cracking the hash i got from h*****d. I am confused where to use it and to proceed further
That file has a specific use - google it and it will tell you where you need to use it.
If you are running a shell in the account of a webserver, look at the places the webserver can access. This will give you the folders you need to look at.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Comments
Type your comment> @LSCSG said:
Just read the conf file carefully.
you will get what you want
Type your comment> @johnmflynch said:
you dont need GTFO for initial steps.
You should just explore the directories
you might find something
Finally rooted ! Second box after postman. The really hard part was getting user (took me a few days). Then the root part is really easier than you think. All the hints on this forum are more than enough (kinda regret reading it tbh).
Hey Guys,
I need a nudge in the right direction.
I've used the exploit with a .py script (it seems I'm not that good with MSF, I'll need to work on that.) .
I've found the hash in the location described in the conf file and got the N.....e pwd.
I also know about the existence of the ~...... page which block my entrance.
With effort I'm trying to find maybe folders/files underneath this folder but I feel like I'm on the wrong track.
No clue for root, but that will be for later on.
please help me!
~ p.s. I've read through all the 41 pages and I'm just not seeing what I think I'm supposed to see in the conf/man ~
rooted. Agree that root was a little CTFy.. I thought I could get it to work with environment but size was the only way.
Hi all.
I know i'm the n-th to ask, but:
i've used the exploit that drive to /usr/bin as www-data, but i'm stuck here.
Anyone willing to pm me?
Thanks in advance.
My first root on an active box. Many thanks to @OffsecGeek01 for the help. Much appreciated!
> My first root on an active box. Many thanks to @OffsecGeek01 for the help. Much appreciated!
Your welcome!
After a lot of hours...finally rooted. And I didn't need to "resize" my terminal but at first I didn't understad why that command worked. After with root privileges, checked the s*****s file tells more, why.
It was a very fun box with easy and not-so-easy steps, especially the user part.
First: As always....
User: Exploit, then you should find some config files, which can give you hint for the next step. After you found the proper folder, you should download a necessary file from that. With some cracking tool you can figure out the credential and can use it for log in.
Root: Everything will be "in your room". Check those and you can find files which can help, how can move forward. And don't forget the GTFObins
many thanks to eviltor13 and bytem3 fol helping in root!
foothold: google is your friend
user: enumerate the box maybe you might find something that your not supose to find?
root : check out the trash maybe you might find something there and also google is friend in this one ... refer o the one above me if your confuse!
Rooted this a while ago, finished writing the report for it.
My hints for all:
User: Google, use what's in front of you. Then, RTFM. Can't stress this enough, it will be confusing but eventually you'll get it.
Root: Standard stuff, everything is in your room. Read it, search it, understand it. Take it over.
Feel free to message me if you want any hints or nudges!
If I helped you out at all, feel free to click my badge and give +1 respect!
rooted. PM for help
Well I got this after some major adjustments but I tried it another way and I cannot figure out why one works and the other did not
User Hint : Look for app specific exploits to get a foothold. Once you have a limited shell, look at the application config files to see where sensitive info may be hidden. Focus on alternatives to passwords.
Root Hint : Look at the files within the homedir of the user and look at the context under which the commands are being run. Play about with it and terminal size matters.
Thanks to the creator of the box as had alot of fun with this one.
Nugget!
whoami
root
plenty of clues in these forums...but let me know if you need any assistance.
got root much more faster then the first user.
tried too much usless stuff (start own web server etc.) to get the secret, but it was way more simple.
Thx for the box, pm me if you need a hint.
Can i get some suggestions if my screen is sooooooooooo tiny yet cant get something to invoke to use it......HELP!!
Update: Rooted.....stupid cats
Fun one. In retrospect user was more of a pain than root. Root is right there and you know it's right there, just getting it to work right is a bit of a pain. User I'd be lost without the forums.
Good box.
Finally ROOTED !
It's my second box and that wasn't easy for me, but I'm getting used to it
foothold: do your recon and search for CVEs and exploit it
user: read the conf and the manual carefully you should figure out something to get access to user's dir, If you got it and still stuck maybe you can read the CVE source code too, it helped me to identify what I missed
root: GTFO bin and resizing are the key
hope that's not spoiling, actually most of it are what I got from this discussion
feel free to PM if you got stuck
Hi all,
First box ever here. I have the initial foothold, but could use some help with the user.
Type your comment> @Ch1m3r4 said:
take closer look of man of the server
normal enumeration things may give you some hints
You may use some enumeration tool and read other hints in this discussion
This is my first box . I got stuck with user. I got the password by cracking the hash i got from h*****d. I am confused where to use it and to proceed further
I've found what was hidden. Asked John about what I found. Stuck...
A PM would be amazing...
rooted.
if you are having trouble with root - remember to first resize, only then call the relevant portion of the command from that .sh script to force that j*****l to start with LESS (super hint - no need for pipes), only then GTFO... I've wasted 1 hour just to understand it but now it's all clear...
feel free to pm if needed
Rooted
All hints are already given. Just a request, please do not add custom scripts on /home directories. Use /tmp/ or /dev/shm/ directories and change existing scripts or files.
Enumerate everything that is in front of you.
@leeat1rrupti0n said:
That file has a specific use - google it and it will tell you where you need to use it.
If you are running a shell in the account of a webserver, look at the places the webserver can access. This will give you the folders you need to look at.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Thanks @TazWake you the best i wouldnt have solved this without your help. i really appreciate this