Traverxec

need a nudge pleasesā€¦ iā€™m at initial low priv shell and was able to find a file containing details about the server and also the d**** userā€™s encrypted creds which iā€™ve been trying to crackā€¦

can someone please help if this is the right track and not a rabbit hole. also, iā€™m unable to crack using john and i think itā€™s not going to be useful for ssh either.

some help around my situation would be really appreciated :neutral:

Edit: Reached User and trying to privesc to root; just tried Lin****** and trying to find a way out for quite some timeā€¦

Edit-2: Rootedā€¦ :slight_smile: if anyone needs a nudge, please feel free to DM.

rootedā€¦ but still trying to fully grasp the minimized window helping with thisā€¦ iā€™ve gotten some idea of it but not sureā€¦ if anyone has an understanding or wants to discuss, please PMā€¦

@knock23 said:

rootedā€¦ but still trying to fully grasp the minimized window helping with thisā€¦ iā€™ve gotten some idea of it but not sureā€¦ if anyone has an understanding or wants to discuss, please PMā€¦

If the window wasnā€™t small, how would you enter the escape sequence?

Type your comment> @TazWake said:

@knock23 said:

rootedā€¦ but still trying to fully grasp the minimized window helping with thisā€¦ iā€™ve gotten some idea of it but not sureā€¦ if anyone has an understanding or wants to discuss, please PMā€¦

If the window wasnā€™t small, how would you enter the escape sequence?

yeahā€¦ it makes sense :wink:

Type your comment> @newrookie said:

ROOTED MY FIRST MACHINE!!!
But I donā€™t know what you mean with resizing windowsā€¦ If someone wants to tell me it would be appreciated.
What a beautiful website, thank you all guys!

Hey, you have to resize the windows because it let you keep writing inside the script, so you can do the operations to get with root! :smile:

User and rooted!

If someone needs help just feel free to PM me. :wink:

@knock23 said:
rootedā€¦ but still trying to fully grasp the minimized window helping with thisā€¦ iā€™ve gotten some idea of it but not sureā€¦ if anyone has an understanding or wants to discuss, please PMā€¦

This is only because the terminal let you to write in the script with the less option, thatā€™s all! Hope I have helped you.

Finally rooted.
Thanks to ByteM3 and Salt

So Iā€™ll leave two hints for root:

  1. look at the interesting file in your home folder. make sure you read it VERY carefully, you will find something interesting. Use GTFObins to figure out what interesting line is doing
  2. I would google ā€˜Bandit Level 25 to Level 26ā€™. It will give you some more perspective about all the resizing hints. FYI Bandit is a great start to your pen testing career and will get you warmed up with all the weird tricks it takes to break these boxes.

Ping me for questions :slight_smile:

Hi, Iā€™m stuck to get the root flag. I saw an exploit using the j****tl in GTFO bin but it seem not to be working for me. Anyone can give me a tip on a right direction?

Rooted.

@hangTuah said:

Hi, Iā€™m stuck to get the root flag. I saw an exploit using the j****tl in GTFO bin but it seem not to be working for me. Anyone can give me a tip on a right direction?

yeah - read back a few questions: Traverxec - #1267 by knock23 - Machines - Hack The Box :: Forums

finally I got the user flag.
I donā€™t fully understand one thing of the process.

How is it possible to read that b**** .**z file? Looking at parent folder permission, I donā€™t have permission with that lowshell user .
I mean, I can read that file but I think I shouldnā€™t be able because the permissions of parent folder.

can anyone explain me that?

I have the user flag, but when I submit on the HTB website, it says invalid flagā€¦ Any particular reason?

[Update] I was giving the User.txt in the System Own and Root.txt in the User Own.

Too late here in India, very sleepy and tiredā€¦ Sorry for the stupid confusion

Rooted this fun box some time back, PM me if yā€™all need a nudge or two

Iā€™ve been stuck on the user flag for far too long and could use a nudge. Iā€™ve read a lot of comments on here and just still canā€™t seem to find anything to help me over the line

Iā€™ve got the creds for D**** and have seen the /~D***** url. Iā€™ve also stared at the conf file and manual endlessly and canā€™t seem to make anything of the hints for directory permissions and such. Does it have to do with the pid and signalling?

Could really use a hand

My first no nudge root :slight_smile:

Rooted. This one was a weird one for me. Iā€™ll give you my tips but they will be the exact same as everyone else thats posted before me. I believe there to be a few different ways to get the flags on here and I donā€™t know that I took the intended path.

Foothold: This was basic enumeration and Google. Most outdated CMS have exploits taht are easy to use. Just find the one you need for this.

User: Honestly, this was the weird one. I got a nudge in the right direction. I read the manual. I read the conf file. I investigated my findings and it lead me to some things to take note of. I did what I learned from the manual but it lead me no where. So here is my tip. Just because you canā€™t open a window and get to it doesnā€™t mean you canā€™t read the book that is just sitting there. Sometimes that is all you need.

Root: I loved this. Everyone was talking about minimizing the terminal. I coulnā€™t get that to work. Did a LOT of reading on it. But I found a way to use a different binary and it helped me GTFO. I am willing to bet there are at least 10 differnent ways to break out.

Thank you @haizenburg for the nudge and the respect, bro!

Feel free to pm me for a nudge but I wonā€™t give you much more than what I posted here.

A really fun box. Thanks to the creator, I didnā€™t end up hitting my head against the wall.

Hint for root, if you canā€™t get creative INSIDE, then MOVE IT OUT. And paint the file as you like.

Feel free to give me a PM. :smiley: .

Really great box. Here are my nudges.

Foot in the door: Enumeration was easy and exploit was easy.

User: To find sensitive files you will need toā€¦ File hopā€¦ I know it sounds weird but it will make sense when you see it. It will look like nothing is there but it is. Something to do with the parent directory has strict permissions but the children do not. Config files are your friend. You will need to learn how to crack things with jo** or h******.

Root: Once in via a popular remote admin tool you can make your way to an important file that runs commands automatically for a user. The last step took me forever to figure out. Look at this automated file and read!!! what it does and how it works. GTObins states that less of something maybe a way in.

Thanks to @thesithlord