Traceback

Sweet just completed my first HTB challenge.
looks like i’m 26.6% to a Script Kiddie haha.

To get root I feel like a cheated a bit as i was watching what others where doing on the server and then trying to figure out how they knew that that I/O existed and then i discovered it through tab completion.

I wasted a bunch of time in the beginning using dirbuster and trying to use tfsc.py

On to the next easy rated challenge.

Also I am finding the newest version of Kali to be slow and laggy.
I still have a 2019 on a live usb I may switch back.
Any one else finding 2020 kali to be laggy?

Type your comment> @Lorenzooo said:

Rooted

Fun box!

User hint: You got everything you need in front of you, in all the parts of the entire process to user.txt

Root hint: Look at the process to understand what is going on.

Another hint for root? I’m stuck in the /ec/upd**-mo**.d :S

@AlexCEyoyo said:
Type your comment> @Lorenzooo said:
Another hint for root? I’m stuck in the /ec/upd**-mo**.d :S

Another hint for root? I’m stuck in the /ec/upd**-mo**.d :S

Another hint for root? I’m stuck in the /ec/upd**-mo**.d :S

Finally rooted this machine, took me some days.
For same help, please PM. Will answer questions :slight_smile:

Got initial foothold and user.txt, but machine keeps kicking me out/resetting? Weird.
Like to do some enumeration on the box itself, but cannot get a stable shell it seems.
Tried the tips for spawning a shell from NETSEC [https://netsec.ws/?p=337] , but no luck and no TTY…
Any hints on that one would be appreciated. :wink:

Got root flag. Great machine, especially OSiNT part)
@Xh4H did a great job!
If someone needs help PM me here or discord or other platforms, maybe my noobish advice helps you).
From this box, people need to understand different between > and >> and why > ruin others shells.

Type your comment> @Wrebra said:

Got initial foothold and user.txt, but machine keeps kicking me out/resetting? Weird.
Like to do some enumeration on the box itself, but cannot get a stable shell it seems.
Tried the tips for spawning a shell from NETSEC [https://netsec.ws/?p=337] , but no luck and no TTY…
Any hints on that one would be appreciated. :wink:

Try using python3

Rooted awesome box, i couldn’t get the final step for a hot minute, kept kicking myself out of the shell

Was wonderting whether /e**/u************.d was the right path for root?

Hi,

I think I have a clear idea on how to get foothold, but I am not able to work with the tool. I am invoking it directly but it returns an error…

Pretty irritating to see people deleting files that are needed or resetting the box every few minutes. I already rooted this box and had fun doing so, I then made sure to clear my artifacts like a good boy.

Pfffft, finally got root. Thanks for the creator(s) and many many many more thanks to all of you with the hints you left on the forum board!
This took me way too long, I over-complicated stuff.
In hindsight I saw the possible root direction right after I got user.txt and did some enumeration, but thought that would be too obvious. LOL

Stuck at initial enum, tried searching on various aspects mentioned in the comments OSINT and Google , still no way in.

@uditkapahi said:

Stuck at initial enum, tried searching on various aspects mentioned in the comments OSINT and Google , still no way in.

Did you find the g****b page? If so, search it for the phrase and it takes you to a place where lots of things are stored. You can then create wordlist for these and enumerate for it.

Finally got root. Very interesting machine. My tips:

  • The key is to enumerate everything and don’t over complicate things
  • For initial foothold, check for the hacker and his comment and do some OSINT techniques
  • For user, basic enumeration es enough
  • For root, check for weak permissions on files. It’s always a good idea to check for processes that are running.

Hope no spoilers were given.

Fun box. A balanced challenge for beginners. Thanks @Xh4H!

hi there, i managed to get wan and i also know which commands it can execute (l*t). I have also written a la script to get user.txt but when i run it i get:

sudo: no tty present and no askpass program specified

i am stuck with this from days… could someone help me please??

Hi, I was able to get the root flag, but without being able to actually open a root reverse shell. Could someone that was actually able to do so PM me and explain me how he manage to do it ? Thanks !