Traverxec

13940414345

Comments

  • ROOTED MY FIRST MACHINE!!!
    But I don't know what you mean with resizing windows.. If someone wants to tell me it would be appreciated.
    What a beautiful website, thank you all guys!

    Hack The Box

  • Hey, can someone help me. I got to the initial reverse shell but i'm having trouble with user.

  • @DiamondBlitz
    Look who you are and where you (or better, the application running as you) needs access to perform its duty.
    Note also some unusual directory permissions.
    These two things belong together.

    fleitner
    I tried harder...

  • rooted! :smiley:

    Cannot believe how that root prompt came out! :wink:

  • edited March 29

    need a nudge pleases.. i'm at initial low priv shell and was able to find a file containing details about the server and also the d**** user's encrypted creds which i've been trying to crack..

    can someone please help if this is the right track and not a rabbit hole. also, i'm unable to crack using john and i think it's not going to be useful for ssh either.

    some help around my situation would be really appreciated :neutral:

    Edit: Reached User and trying to privesc to root; just tried Lin****** and trying to find a way out for quite some time...

    Edit-2: Rooted.. :) if anyone needs a nudge, please feel free to DM.

  • rooted.. but still trying to fully grasp the minimized window helping with this.. i've gotten some idea of it but not sure.. if anyone has an understanding or wants to discuss, please PM...

  • @knock23 said:

    rooted.. but still trying to fully grasp the minimized window helping with this.. i've gotten some idea of it but not sure.. if anyone has an understanding or wants to discuss, please PM...

    If the window wasn't small, how would you enter the escape sequence?

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @knock23 said:

    rooted.. but still trying to fully grasp the minimized window helping with this.. i've gotten some idea of it but not sure.. if anyone has an understanding or wants to discuss, please PM...

    If the window wasn't small, how would you enter the escape sequence?

    yeah.. it makes sense :wink:

  • Type your comment> @newrookie said:

    ROOTED MY FIRST MACHINE!!!
    But I don't know what you mean with resizing windows.. If someone wants to tell me it would be appreciated.
    What a beautiful website, thank you all guys!

    Hey, you have to resize the windows because it let you keep writing inside the script, so you can do the operations to get with root! :smile:

  • User and rooted!

    If someone needs help just feel free to PM me. :wink:

  • @knock23 said:
    rooted.. but still trying to fully grasp the minimized window helping with this.. i've gotten some idea of it but not sure.. if anyone has an understanding or wants to discuss, please PM...

    This is only because the terminal let you to write in the script with the less option, that's all! Hope I have helped you.

  • Finally rooted.
    Thanks to ByteM3 and Salt

  • So I'll leave two hints for root:
    1. look at the interesting file in your home folder. make sure you read it VERY carefully, you will find something interesting. Use GTFObins to figure out what interesting line is doing
    2. I would google 'Bandit Level 25 to Level 26'. It will give you some more perspective about all the resizing hints. FYI Bandit is a great start to your pen testing career and will get you warmed up with all the weird tricks it takes to break these boxes.

    Ping me for questions :)

  • Hi, I'm stuck to get the root flag. I saw an exploit using the j****tl in GTFO bin but it seem not to be working for me. Anyone can give me a tip on a right direction?

  • Rooted.

    HTB{HappyHacking}

  • @hangTuah said:

    Hi, I'm stuck to get the root flag. I saw an exploit using the j****tl in GTFO bin but it seem not to be working for me. Anyone can give me a tip on a right direction?

    yeah - read back a few questions: https://forum.hackthebox.eu/discussion/comment/67091/#Comment_67091

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • finally I got the user flag.
    I don't fully understand one thing of the process.

    How is it possible to read that b**** .**z file? Looking at parent folder permission, I don't have permission with that lowshell user .
    I mean, I can read that file but I think I shouldn't be able because the permissions of parent folder.

    can anyone explain me that?

  • edited March 31

    I have the user flag, but when I submit on the HTB website, it says invalid flag... Any particular reason?

    [Update] I was giving the User.txt in the System Own and Root.txt in the User Own.

    Too late here in India, very sleepy and tired... Sorry for the stupid confusion

  • Rooted this fun box some time back, PM me if y'all need a nudge or two

    If my hints help you out, remember to +respect me

  • I've been stuck on the user flag for far too long and could use a nudge. I've read a lot of comments on here and just still can't seem to find anything to help me over the line

    I've got the creds for D**** and have seen the /~D***** url. I've also stared at the conf file and manual endlessly and can't seem to make anything of the hints for directory permissions and such. Does it have to do with the pid and signalling?

    Could really use a hand

  • My first no nudge root :)

    Anuragd

  • Rooted. This one was a weird one for me. I'll give you my tips but they will be the exact same as everyone else thats posted before me. I believe there to be a few different ways to get the flags on here and I don't know that I took the intended path.

    Foothold: This was basic enumeration and Google. Most outdated CMS have exploits taht are easy to use. Just find the one you need for this.

    User: Honestly, this was the weird one. I got a nudge in the right direction. I read the manual. I read the conf file. I investigated my findings and it lead me to some things to take note of. I did what I learned from the manual but it lead me no where. So here is my tip. Just because you can't open a window and get to it doesn't mean you can't read the book that is just sitting there. Sometimes that is all you need.

    Root: I loved this. Everyone was talking about minimizing the terminal. I couln't get that to work. Did a LOT of reading on it. But I found a way to use a different binary and it helped me GTFO. I am willing to bet there are at least 10 differnent ways to break out.

    Thank you @haizenburg for the nudge and the respect, bro!

    Feel free to pm me for a nudge but I won't give you much more than what I posted here.

    b0ssk

  • A really fun box. Thanks to the creator, I didn't end up hitting my head against the wall.

    Hint for root, if you can't get creative INSIDE, then MOVE IT OUT. And paint the file as you like.

    Feel free to give me a PM. :smiley: .

    I hate competition. I just want to help.

    iblis

  • Really great box. Here are my nudges.

    Foot in the door: Enumeration was easy and exploit was easy.

    User: To find sensitive files you will need to... File hop... I know it sounds weird but it will make sense when you see it. It will look like nothing is there but it is. Something to do with the parent directory has strict permissions but the children do not. Config files are your friend. You will need to learn how to crack things with jo** or h******.

    Root: Once in via a popular remote admin tool you can make your way to an important file that runs commands automatically for a user. The last step took me forever to figure out. Look at this automated file and read!!! what it does and how it works. GTObins states that less of something maybe a way in.

    Thanks to @thesithlord

  • Rooted.

    Hints here are already pretty good. Just to add some small ones:

    • User: remember that r/w/x permissions for a folder are NOT necessarily the same for subfolders!

    • Root: this is already pretty huge > @gyptocrypt said:

      1. look at the interesting file in your home folder. make sure you read it VERY carefully, you will find something interesting. Use GTFObins to figure out what interesting line is doing
      2. I would google 'Bandit Level 25 to Level 26'. It will give you some more perspective about all the resizing hints. FYI Bandit is a great start to your pen testing career and will get you warmed up with all the weird tricks it takes to break these boxes.
  • Yes! Rooted my first active machine! It was very funny!
    If someone needs help just PM, I am delighted to help everyone who asks me.

  • ROOTED , thx

    fmwd

  • edited April 6

    Hello everyone,

    I think I'm close to get user flag but need a hint... I found *.tgz file that should help me to use a service.

    First, I tried to download this file on my kali to unzip it, but it didn't work (tried with nc, got permission denied).

    Then, I copied it into a directory where I have more permissions, and unzipped it. It unzipped useful files in /.s** directory, however I can't access them now...

    I'd like to crack i*_r** key, but how should I do it? Is it necessary to transfer it on my kali ?

    Thank you ! :)

    edit: got it

  • @NewlyIrish said:

    I've been stuck on the user flag for far too long and could use a nudge. I've read a lot of comments on here and just still can't seem to find anything to help me over the line

    I've got the creds for D**** and have seen the /~D***** url. I've also stared at the conf file and manual endlessly and can't seem to make anything of the hints for directory permissions and such. Does it have to do with the pid and signalling?

    Could really use a hand

    You can search it via the file system as well.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

Sign In to comment.