Traceback

Box was slightly too easy in my opinion. Repeated exploitation path from a previous machine was a bit insulting as well.

Not a bad box for beginners, but if you’re seasoned, it will probably feel like more of a chore than anything else.

No tips from me on this one. Everything in the comments is already enough.

As soon as I spawn my shell, the intended tool to be used is asking for password. did anyone else have to deal with something similar?

i’m stuck since i’m in webadmin, how do i go into sysadmin ??

Type your comment> @LSnake said:

i’m stuck since i’m in webadmin, how do i go into sysadmin ??

check what you can execute as s*** . you might find something intresting

i think i should do something with luvit? how can I use it?> @Princevil said:

Type your comment> @LSnake said:

i’m stuck since i’m in webadmin, how do i go into sysadmin ??

check what you can execute as s*** . you might find something intresting

i think i should do something with luvit? how can I use it?

Type your comment> @LSnake said:

i think i should do something with luvit? how can I use it?> @Princevil said:

Type your comment> @LSnake said:

i’m stuck since i’m in webadmin, how do i go into sysadmin ??

check what you can execute as s*** . you might find something intresting

i think i should do something with luvit? how can I use it?

seems you are on right track . check user folder there are some more intresting stuff to understand .

“Unexpected symbol…” error. What am i missing here?
Update: GOT IT!

I guess my osint skills are trash because I just don’t get what I am supposed to do. I found some stuff based on what i found in the HTML source and I have tried all the shells I have found based on my google search but i just get 404. Can someone help me out?

Type your comment> @MaximumBob said:

I guess my osint skills are trash because I just don’t get what I am supposed to do. I found some stuff based on what i found in the HTML source and I have tried all the shells I have found based on my google search but i just get 404. Can someone help me out?

you need to search for author fav shells

Hack The Box

I’m a beginner. Not able to ssh w**a**** without a password. Any tips?

Type your comment> @gravecode said:

I’m a beginner. Not able to ssh w**a**** without a password. Any tips?

If you are that user, is there something you can add that will let you in without a password? Though I would save it for later, you can do all (or almost all depending on your final vector) without SSH, just pivoting off the initial foothold session.

ROOTED ??
This machine was frustrating at times but ended up being pretty simple. Overall I liked it and had fun. Learned a new way to priv esc and learned about the Message of The Day.
Nudges
Foothold: OSINT
User: Check what you have privs to run as someone else
Root: Check to see what you have write access to

PM me for Nudge

root@traceback:~# whoami
root
root@traceback:~# id
uid=0(root) gid=0(root) groups=0(root)
root@traceback:~#

but…the root flag is not working :expressionless:

Type your comment> @D0p4m1n3 said:

root@traceback:~# whoami
root
root@traceback:~# id
uid=0(root) gid=0(root) groups=0(root)
root@traceback:~#

but…the root flag is not working :expressionless:

Might have something to do with this HTB News | Integrity of Hack The Box. Don’t hold me to it though. I rooted earlier today and it accepted my root flag

Type your comment> @ByteM3 said:

Type your comment> @D0p4m1n3 said:

root@traceback:~# whoami
root
root@traceback:~# id
uid=0(root) gid=0(root) groups=0(root)
root@traceback:~#

but…the root flag is not working :expressionless:

Might have something to do with this HTB News | Integrity of Hack The Box. Don’t hold me to it though. I rooted earlier today and it accepted my root flag

i have a feeling that is the issue, but i copied and pasted the key within seconds, no reset between or something.

Type your comment> @D0p4m1n3 said:

Type your comment> @ByteM3 said:

Type your comment> @D0p4m1n3 said:

root@traceback:~# whoami
root
root@traceback:~# id
uid=0(root) gid=0(root) groups=0(root)
root@traceback:~#

but…the root flag is not working :expressionless:

Might have something to do with this HTB News | Integrity of Hack The Box. Don’t hold me to it though. I rooted earlier today and it accepted my root flag

i have a feeling that is the issue, but i copied and pasted the key within seconds, no reset between or something.

After a reset I rooted the box again and the new key worked.

how do you edit 00-****** to put a script or something??? and does own**.msg have anything to do with anything? I have an ssh shell and I’m just lost here

@gravecode said:

I’m a beginner. Not able to ssh w**a**** without a password. Any tips?

It depends what you’ve done and what you are trying to do.

In general, with SSH, you can bypass password authentication if you have generated authentication keys and your public key is stored in the correct location on the server.

@D0p4m1n3 said:

i have a feeling that is the issue, but i copied and pasted the key within seconds, no reset between or something.

I’ve been confused by this. I rooted the box on Sunday and I redid it twice today (once before a reset and once after). All three times had the same flag.

@lucaswebb24 said:

how do you edit 00-****** to put a script or something??? and does own**.msg have anything to do with anything? I have an ssh shell and I’m just lost here

There are lots of ways you can edit a file in linux (vim is a good one to try). You dont have to use a text editor to add contents or replace the contents of a file.