Book

Comments

  • Any root hint stuck here:(

  • @0xstain said:

    Any root hint stuck here:(

    Look at running services, look at files (in your directory) that are a bit out of place, connect the dots.

    b3nn
    PM for nudges, but tell me what you've got so far. If I helped you, remember to give respect.

  • I totally have no clue how to let the site expose additional data, maybe someone is willing to TEACH me? Or tell me what to read first?
    Please PM!

  • @karl99 said:

    I totally have no clue how to let the site expose additional data, maybe someone is willing to TEACH me? Or tell me what to read first?
    Please PM!

    Have you got admin? If so, there is a functionality within the webapp that allows some sort of "interaction" between the user and admin. When the Admin performs his action, certain things are loaded dynamically then and there.

    b3nn

  • Hey everyone, this box has been a good learning experience. I could use a little help with getting root. I'm pretty confident I have figured out what needs exploited, but I can't figure out how to trigger it. I've been at this for a few nights now, but I'm pretty much just stuck at this point. If anyone is willing to nudge me a bit, please post here or PM me. Much appreciated!

  • @dskeet said:

    Hey everyone, this box has been a good learning experience. I could use a little help with getting root. I'm pretty confident I have figured out what needs exploited, but I can't figure out how to trigger it. I've been at this for a few nights now, but I'm pretty much just stuck at this point. If anyone is willing to nudge me a bit, please post here or PM me. Much appreciated!

    Set up the delivery file, run the exploit, modify the target file.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • @TazWake said:

    @dskeet said:

    Hey everyone, this box has been a good learning experience. I could use a little help with getting root. I'm pretty confident I have figured out what needs exploited, but I can't figure out how to trigger it. I've been at this for a few nights now, but I'm pretty much just stuck at this point. If anyone is willing to nudge me a bit, please post here or PM me. Much appreciated!

    Set up the delivery file, run the exploit, modify the target file.

    Thanks. I'm an idiot. Much simpler than I was making it.

  • Managed to get private key for user r***** but...

    Load key "id_rsa": invalid format
    r*****@b.'s password:

    This is sooo frustrating. What am I doing wrong?

  • @awarkozak said:

    Managed to get private key for user r***** but...

    Load key "id_rsa": invalid format
    r*****@b.'s password:

    This is sooo frustrating. What am I doing wrong?

    The text of the key is too big to fit on the file you are rendering it to. So when you copy and paste you aren't getting all of the characters. Change things up to make the key's text fit where you are rendering it.

  • Rooted, dude. Learned many new things from this box.
    Thank you to @EnigmaNL and @TazWake for the hint :)

  • Rooted. Many new things for me.
    Thx to all the people who helped me.
    If you're stuck - PM me and I'll help you.

  • Very cool box !

    I lost hours in trying to exploit the wrong field for getting user....

    User hint: if you don't have enough "place", maybe there is a better place ;)

    Root hint: Monitor what is happening, do some research, find a spell recipe and profit !

    OSCP, OSWP, GCIH, CEH, Security+, VHL Advanced+

    https://www.phrozen.io/

    Hack The Box

  • Finally rooted.
    It was a journey. A big thank you to @TazWake (I think you should start making machines) and @nasri136TH who helped with user.
    The thing with this box is, if you don't know the specific name / vector of the attack you will have a very hard time. There are two articles that describe almost perfectly what you need to do in the first and second parts of user. The thing is, it is very difficult to find them without a good understanding of what the machine is actually doing.
    PM me for these links if you want.

    Root is difficult on public servers, but you can use a good payload to overcome it (the published one is not very good IMO). Shoot me a PM if you want to discuss payloads.

    @MrR3boot, Thanks a lot! It was a great machine. To all machine builders, maybe consider disabling system-wide messaging (write/wall).

  • @JayThree said:

    The thing is, it is very difficult to find them without a good understanding of what the machine is actually doing.

    This is a very valid point. I think this bit makes it on the harder end of medium.

    TazWake


  • @TazWake @snownoob I thank you both for leading me to rooting this box. Definitely learned a lot, and I would've been stuck in the blind if it wasn't for you guys.

  • Struggling with root.. I've been staring at processes for 2 days now, googling everything I can see running, and I'm just not seeing anything useful :/

  • @ShadowSuave said:
    Struggling with root.. I've been staring at processes for 2 days now, googling everything I can see running, and I'm just not seeing anything useful :/

    Same here. Let me know if you have any luck.

  • Can someone please help me on root? I know what service is the target but really need a better understanding of how it works. Been stuck at this for a long time and I feel it shouldn't be as difficult as it is for me right now

  • I'm stuck at root, I have identified the service, but I cannot open the reverse shell as well.
    Can someone PM me?

  • Just rooted. Amazing box, but it took me a while though to figure out some things.
    I wouldn't say I have full credit, I've got a few little hints from the guys here, thank you btw.
    I actually learned quite a few things.
    We are all learning here. Ping me for help, I'll answer as soon as I can.

  • @ivnnn1 said:

    I'm stuck at root, I have identified the service, but I cannot open the reverse shell as well.
    Can someone PM me?

    There are better ways to get a secure shell on a linux machine than trying to get reverse shells.

    TazWake


  • @awarkozak said:

    Can someone please help me on root? I know what service is the target but really need a better understanding of how it works. Been stuck at this for a long time and I feel it shouldn't be as difficult as it is for me right now

    Read the exploit. There is a bit which explains how to do it (although the example won't work on Book as written) and the source code shows how it works.

    TazWake


  • edited March 2020

    Thank you @MrR3boot for a great box and I finally got root after what seemed like an eternity.

    There are a few people that helped along the way and I would like to thank all of them and especially @snownoob and @MariaB for their help and patience as I worked my way through this totally frustrating and overall excellent learning experience.

    It is my turn to return the help to others that may be struggling and time for my next challenge.

    N3ph0s

    Discord n3ph0s#7012

  • edited March 2020

    :)

  • Hi,

    I am stuck with root l**r***** syntax. Would anybody PM me with a nudge, please?

  • Hey guys. I am stuck on root. I am pretty sure what to do. However I cannot manually force. Any nudges?

  • Finally rooted! Many thanks to @snownoob for the nudge towards user! This has got to be one of the best boxes on htb imo. There were lots of learning points to take away, especially for the initial foothold - I had spent close to a week on it. Root didn't take too long once you notice what's unusual there.

  • edited March 2020

    Despite all the hints I am still stuck on user.
    I have admin rights and can see from the hints that I can put something in the f*** u****d screen that will cause code to be executed on the server when it generates a p**
    But I have no idea how any of that could work so would be grateful if someone would nudge me in the right direction.

  • edited March 2020

    @bobd91 said:

    Despite all the hints I am still stuck on user.
    I have admin rights and can see from the hints that I can put something in the f*** u****d screen that will cause code to be executed on the server when it generates a p**
    But I have no idea how any of that could work so would be grateful if someone would nudge me in the right direction.

    There is a really helpful article on the internet about this kind of exploit. I will PM you the link to it.

    Kevoenos
