Traceback

Type your comment> @MaximumBob said:

I guess my osint skills are trash because I just don’t get what I am supposed to do. I found some stuff based on what i found in the HTML source and I have tried all the shells I have found based on my google search but i just get 404. Can someone help me out?

you need to search for author fav shells

Hack The Box

I’m a beginner. Not able to ssh w**a**** without a password. Any tips?

Type your comment> @gravecode said:

I’m a beginner. Not able to ssh w**a**** without a password. Any tips?

If you are that user, is there something you can add that will let you in without a password? Though I would save it for later, you can do all (or almost all depending on your final vector) without SSH, just pivoting off the initial foothold session.

ROOTED ??
This machine was frustrating at times but ended up being pretty simple. Overall I liked it and had fun. Learned a new way to priv esc and learned about the Message of The Day.
Nudges
Foothold: OSINT
User: Check what you have privs to run as someone else
Root: Check to see what you have write access to

PM me for Nudge

root@traceback:~# whoami
root
root@traceback:~# id
uid=0(root) gid=0(root) groups=0(root)
root@traceback:~#

but…the root flag is not working :expressionless:

Type your comment> @D0p4m1n3 said:

root@traceback:~# whoami
root
root@traceback:~# id
uid=0(root) gid=0(root) groups=0(root)
root@traceback:~#

but…the root flag is not working :expressionless:

Might have something to do with this HTB News | Integrity of Hack The Box. Don’t hold me to it though. I rooted earlier today and it accepted my root flag

Type your comment> @ByteM3 said:

Type your comment> @D0p4m1n3 said:

root@traceback:~# whoami
root
root@traceback:~# id
uid=0(root) gid=0(root) groups=0(root)
root@traceback:~#

but…the root flag is not working :expressionless:

Might have something to do with this HTB News | Integrity of Hack The Box. Don’t hold me to it though. I rooted earlier today and it accepted my root flag

i have a feeling that is the issue, but i copied and pasted the key within seconds, no reset between or something.

Type your comment> @D0p4m1n3 said:

Type your comment> @ByteM3 said:

Type your comment> @D0p4m1n3 said:

root@traceback:~# whoami
root
root@traceback:~# id
uid=0(root) gid=0(root) groups=0(root)
root@traceback:~#

but…the root flag is not working :expressionless:

Might have something to do with this HTB News | Integrity of Hack The Box. Don’t hold me to it though. I rooted earlier today and it accepted my root flag

i have a feeling that is the issue, but i copied and pasted the key within seconds, no reset between or something.

After a reset I rooted the box again and the new key worked.

how do you edit 00-****** to put a script or something??? and does own**.msg have anything to do with anything? I have an ssh shell and I’m just lost here

@gravecode said:

I’m a beginner. Not able to ssh w**a**** without a password. Any tips?

It depends what you’ve done and what you are trying to do.

In general, with SSH, you can bypass password authentication if you have generated authentication keys and your public key is stored in the correct location on the server.

@D0p4m1n3 said:

i have a feeling that is the issue, but i copied and pasted the key within seconds, no reset between or something.

I’ve been confused by this. I rooted the box on Sunday and I redid it twice today (once before a reset and once after). All three times had the same flag.

@lucaswebb24 said:

how do you edit 00-****** to put a script or something??? and does own**.msg have anything to do with anything? I have an ssh shell and I’m just lost here

There are lots of ways you can edit a file in linux (vim is a good one to try). You dont have to use a text editor to add contents or replace the contents of a file.

Spoiler Removed

Type your comment> @TazWake said:

@D0p4m1n3 said:

i have a feeling that is the issue, but i copied and pasted the key within seconds, no reset between or something.

I’ve been confused by this. I rooted the box on Sunday and I redid it twice today (once before a reset and once after). All three times had the same flag.

maybe this was just before they activated the new rolling flags.

Nevermind, it worked after someone reset machine.

@TazWake still looking. Tried every text editor i know, and echo is the only injection method I can think of

Got the flag for user but hackthebox gives out an error when i submit it !! Any idea whats wrong ?

Yeah running into the same issue, have the root flag but its not accepting it =/

Gonna try resetting the box to see if that works

Just got root and flag was accepted. It was fun, especially triggering all the events while fending off resets on shoutbox and praying login keys won’t get deleted in the meantime. Thanks @Xh4H

@D0p4m1n3 said:

maybe this was just before they activated the new rolling flags.

Based on the errors people are reporting - possibly - but it was after the announcement :smile:

EDITED:
Ok - have just checked now and it is a different flag. Awesome.