Book

Thank you @MrR3boot for a great box and I finally got root after what seemed like an eternity.

There are a few people that helped along the way and I would like to thank all of them and especially @snownoob and @MariaB for their help and patience as I worked my way through this totally frustrating and overall excellent learning experience.

It is my turn to return the help to others that may be struggling and time for my next challenge.

:slight_smile:

nice box

Hi,

I am stuck with root lr*** syntax. Would anybody PM me with a nudge, please?

Hey guys. I am stuck on root. I am pretty sure what to do. However I cannot manually force . Any nudges?

Finally rooted! Many thanks to @snownoob for the nudge towards user! This has got to be one of the best boxes on HTB imo. There were lots of learning points to take away, especially for the initial foothold - I had spent close to a week on it. Root didn’t take too long once you notice what’s unusual there.

Despite all the hints I am still stuck on user.
I have admin rights and can see from the hints that I can put something in the f*** u****d screen that will cause code to be executed on the server when it generates a p**
But I have no idea how any of that could work so would be grateful if someone would nudge me in the right direction.

@bobd91 said:

Despite all the hints I am still stuck on user.
I have admin rights and can see from the hints that I can put something in the f*** u****d screen that will cause code to be executed on the server when it generates a p**
But I have no idea how any of that could work so would be grateful if someone would nudge me in the right direction.

There is a really helpful article on the internet about this kind of exploit. I will PM you the link to it.

At last! Thanks to all that helped me on this journey!

Finally I’ve managed to pwn this book!
I think it should be rated as hard not medium.

Foothold: try to overwrite the admin user using an uncommon technique!
User: try to find one of the OWASP top 10 and exploit it to read what you need.
Root: pspy and linenum.sh results will draw your attention to something supposed to be normal but it’s not, and you should be very fast as a rocket to be able to get root permissions, and don’t forget that Google is your best friend.

If you pwned it DM me to discuss the different solutions and if you don’t just DM me for help.

Rooted!
Foothold and User were interesting!
Root was quite straightforward but ended up being a game of cat and mouse!
PM for nudges!

Finally finished this book.
Root part was only hard because so many people try to do the same thing.

Foothold: What doesn’t work right in your browser might work better in Burp… Or try other ways to print the character you need.

User: You can control something while uploading and see the output while downloading

Root: Straightforward when there’s no other users trying to do the same thing, it’s literally a race! There are some good writeups available on the exploit but it does require a little tuning…

Rooted at last!
Thanks to all for hints and @Kevoenos for nudging me towards user.

And thanks to @MrR3boot for a great learning experience.

Wooooahhhh!! rooted!!

After initial frustration (my fault btw) and some kind messages of some nice guys that make me think I’ve discarded too fast the right “way” in my first attempts.
(Don’t forget to try things and check and recheck results, especially in free servers)

Starting again and then all flows nicely, a very very nice travel (another!) from @MrR3boot airlines with his particular signature, well selected and not “mainstream” techniques, a very coherent setup that feels sooo “real” and a very well planned step-by-step path that makes all his boxes delightful, very very satisfying when finished and a very “pedagogical” experience, with some good points to write down and keep in our records :slight_smile:

Good Work! Thanks!

Finally obtained root!!!

This is my first medium box. I can’t judge whether it is medium-hard. At least, the box is not usual in HTB…

Thanks @TazWake for the user part. I am new to that kind of approach.
Thanks @MrR3boot for this box! This is a really long journey like walking in a desert. Telling you nothing you can do. It leads me to read some good stuff I never noticed before. Learned a lot from this box.

DM me if you want some hints not procedures.

Any hints on forcing the l**r***** update? Got everything apart from this, tried a few things like s******g the a*****.l** but can’t seem to get it to trigger.

Edit: Rooted, cheers rulzgz :slight_smile: Missed out something obvious, really fun box!

Man… what a journey! Finally rooted this box!!! Thank you @MrR3boot, you surely taught me well with this machine but root part was overwhelmingly challenging, I think that was not necessary… tried so many payloads but finally did it. PM me for nudges!

@willpr said:

Any hints on forcing the l**r***** update? Got everything apart from this, tried a few things like s******g the a*****.l** but can’t seem to get it to trigger.

Look for already rot…ed l.g files, look at the size, date, etc… to figure what you need to do to the l.g file that still doesn’t ro…te

I am struggling because the iframe is not loading any common files I think, can’t read text files. Any tag I should try?

Could anyone help me on foothold to log in to the ad*** page with ad*** user? How could we identify the perfect user and password?