Traceback

@Wrebra said:

Got initial foothold and user.txt, but machine keeps kicking me out/resetting? Weird.
Like to do some enumeration on the box itself, but cannot get a stable shell it seems.
Tried the tips for spawning a shell from NETSEC [https://netsec.ws/?p=337], but no luck and no TTY…
Any hints on that one would be appreciated. :wink:

Try using python3

Rooted awesome box, I couldn’t get the final step for a hot minute, kept kicking myself out of the shell

Was wondering whether /e**/u************.d was the right path for root?

Hi,

I think I have a clear idea on how to get foothold, but I am not able to work with the tool. I am invoking it directly but it returns an error…

Pretty irritating to see people deleting files that are needed or resetting the box every few minutes. I already rooted this box and had fun doing so, I then made sure to clear my artifacts like a good boy.

Pfffft, finally got root. Thanks to the creator(s) and many many many more thanks to all of you with the hints you left on the forum board!
This took me way too long, I over-complicated stuff.
In hindsight I saw the possible root direction right after I got user.txt and did some enumeration, but thought that would be too obvious. LOL

Stuck at initial enum, tried searching on various aspects mentioned in the comments OSINT and Google, still no way in.

@uditkapahi said:

Stuck at initial enum, tried searching on various aspects mentioned in the comments OSINT and Google, still no way in.

Did you find the g****b page? If so, search it for the phrase and it takes you to a place where lots of things are stored. You can then create a wordlist for these and enumerate for it.

Finally got root. Very interesting machine. My tips:

  • The key is to enumerate everything and don’t overcomplicate things
  • For initial foothold, check for the hacker and his comment and do some OSINT techniques
  • For user, basic enumeration is enough
  • For root, check for weak permissions on files. It’s always a good idea to check for processes that are running.

Hope no spoilers were given.

Fun box. A balanced challenge for beginners. Thanks @Xh4H!

Hi there, I managed to get wan and I also know which commands it can execute (l*t). I have also written a la script to get user.txt but when I run it I get:

sudo: no tty present and no askpass program specified

I am stuck with this for days… could someone help me please??

Hi, I was able to get the root flag, but without being able to actually open a root reverse shell. Could someone that was actually able to do so PM me and explain to me how he managed to do it? Thanks!

Rooted
thanks to @cyberafro for the nudges

This box was so fun! Thank you @Xh4H! I was hung up on user for a while. I figured it out but of course it was the silliest reason. Here are my tips:
Foothold: OSINT. When you finally see it, Google has all the answers. You can just walk right in. :slight_smile:
User: it is hard to learn something new. So some of us have to use common sources for help. The syntax is usually similar to something you know. So if it doesn’t work, figure out why, and make it work. You can’t plug and play here. Buuuut almost.
Root: Enumerate. Understand what is going on. You have to be fast or you have to be smart. I chose to be fast. :slight_smile:
You can message me if you would like for nudges. But this one just takes some thinking. No crazy tricks.

Rooted! I have a strange feeling I never triggered my own payloads and that someone else did it for me… found out while racing and then trying to clean up my mess! :smiley:

Rooted.

■■■■■■■!!! I made that way too hard. Finally Rooted. I was on the right path… but made things way too overcomplicated.

Thanks to WhiskeyBar

@TazWake said:

@uditkapahi said:

Stuck at initial enum, tried searching on various aspects mentioned in the comments OSINT and Google, still no way in.

Did you find the g****b page? If so, search it for the phrase and it takes you to a place where lots of things are stored. You can then create a wordlist for these and enumerate for it.

I am still struggling to find the right info from the g****b repo page. Found some obfuscated scripts, but it seems that they are of no use.

@uditkapahi said:

I am still struggling to find the right info from the g****b repo page. Found some obfuscated scripts, but it seems that they are of no use.

Search for the term on the HTB box index page. Take a list of every file name on the page it takes you to and enumerate them. ISTR there are less than 20 file names to check.