Bashed

Have reverse shell. Ran enumeration. There are some fishy results, but can’t seem to figure out how to exploit. Looking for a hint. PM please.

PM me if you want a hint :slight_smile:

@ngup said:
Spoiler Removed - Arrexel

Sorry, I did not mean to reveal anything.

Spoiler Removed - Arrexel

@minhhungvn said:
Spoiler Removed - Arrexel

The GitHub repo is unrelated to the machine, although it does explain how to use it once you find it.

Hi. Brand new in HTB :slight_smile: and for two days handling with Bashed. Very straightforward to get user.txt /… after that: I got the reverse shell (interactive shell) I did su to another user … found a script… and after that, I’m getting completely crazy trying to find the way to gain root. I’m not asking for help… yet … just thinking loudly (and sharing with you). On Sunday Bashed will be removed and I have to hurry up, but I’m very stuck right now. Greetings to all!

Finally I got the root.txt flag, without being root, playing with the scripts we all know. I don’t know exactly why it works getting the flag from there. If someone could explain it to me via PM I would be very grateful, since my real flag is to learn.

Yes!! now I’m root !!! … Sometimes the solution is more like a puzzle than a technical matter :slight_smile: (lateral thinking)
But actually I still don’t understand WHY I could retrieve the flag without being root, as I shared in my previous post.

I’ve understood why before gaining root I was able to obtain root.txt … the reason is directly related to the way I gained root access later, but I wasn’t aware of that at that moment. Now everything is clear :slight_smile:

Well, I’m new to this whole hacking thing and I’m having trouble getting a foothold in Poison. This is the first box I’m trying and I’ve gotten the encoded password, but I can’t figure out where to go from here. Feel free to PM me as I know the answer will be “enumerate more”, but I can’t figure out how. Could someone please at least point me in the right direction?

on it as well

I don’t know if what I’m gonna say could be considered a spoiler or just a hint, but… since Bashed is gonna be disabled soon, let me tell you the following.
The difficulty here is more a matter of close view than technical (of course one must have some basic skills). So the hint is: “Try to figure out why some strange things could be happening” :smiley: Enjoy!

Once you enumerate and discover the way, the flag you want is -u :slight_smile: Some googling back when I did this box had me stumble upon that option with the command and all was well.

Many thanks Kinjo!!! Was blind but now I see…!!!

Hi everybody, I would like a little push on PM. I think I am quite close, but since I am new to the privilege esc I am stuck. Would be nice to tell someone what I have done till now and how to proceed.
Cheers!

Another hint: “Review concepts like ownership and permissions”

Now that it is retired I can’t wait to read the write-up.
Got the user.txt but I couldn’t get the root.txt.
It was my first machine, though!

@HASLima said:
Now that it is retired I can’t wait to read the write-up.
Got the user.txt but I couldn’t get the root.txt.
It was my first machine, though!

Also, you can see the IppSec video on YouTube.

The machine was retired and my points too, why? Is it normal?

@K43P said:
The machine was retired and my points too, why? Is it normal?

Yeah, when a machine retires, points retire too.