OpenAdmin

@loco99 said:

How can I know the address that I need to curl into?

You can either look at what is being served or read the configuration file for the application.

I did what I have to do in the .p** files and the hash but don’t know what to do next.
pls some help

Enumeration.

@TazWake said:

@loco99 said:

How can I know the address that I need to curl into?

You can either look at what is being served or read the configuration file for the application.

I did what I have to do in the .p** files and the hash but don’t know what to do next.
pls some help

Enumeration.

I got something like T******.**m but it’s an official website. Am I doing anything wrong?

@loco99 said:

I got something like T******.**m but it’s an official website. Am I doing anything wrong?

I don’t recognise what you’ve put there, it certainly wasn’t something I used or accessed.

You don’t need to go far to find what you need.

Finally rooted.

Initial foothold was easy. To become user1 find some juicy info somewhere in the files. For user2, be user1 and do something with curl. Make sure you find the correct port!

Root was so easy.

Nice box though! Thanks

Man, I feel stupider every time I struggle to Root an ‘easy’ box.
… Finally got there though

I’ve the jy shell. I’ve managed to make il reachable, but now I’m stuck trying to get the j*a password. Any hint?

Fun box. Hardest part for me was going from user 1 to user 2. Stumbled upon what was going to get me to root when trying to get to user 2 so once I finally had user 2 it was just running the commands from there. First Linux box, first box not using MSF

Hello, box is broken, can someone reset it please? thank you!
I did it myself this morning, cannot do it again for today

Thank you!!

I have a problem in submitting the root flag.
First I have submitted the user flag hash on hack the box and then tried to submit the root one. So, is it like we can submit the flag once only whether it will be user or root?

I am in as J****a and can see that permissions allow a text editor. I cannot get the root flag - it just doesn’t seem to exist… any ideas? Thank you.

Edit: got it, for whatever reason it did not work. The machine stopped and when I started it again it worked… perhaps the root.txt was missing?!

ROOTED, thx

@thedemon said:

I have a problem in submitting the root flag.
First I have submitted the user flag hash on hack the box and then tried to submit the root one. So, is it like we can submit the flag once only whether it will be user or root?

You can only submit a flag once, why would you repeatedly submit one?

You can submit User and then submit Root though. They are different flags.

I don’t think Open Admin has moved to dynamic flags yet, but it might have.

@Youngie1337 said:

I am in as J****a and can see that permissions allow a text editor. I cannot get the root flag - it just doesn’t seem to exist… any ideas? Thank you.

Edit: got it, for whatever reason it did not work. The machine stopped and when I started it again it worked… perhaps the root.txt was missing?!

I am a bit confused here - did you use the text editor to read the flag or escalate privs? If the former, it shouldn’t work on this box.

@TazWake said:

@Youngie1337 said:

I am in as J****a and can see that permissions allow a text editor. I cannot get the root flag - it just doesn’t seem to exist… any ideas? Thank you.

Edit: got it, for whatever reason it did not work. The machine stopped and when I started it again it worked… perhaps the root.txt was missing?!

I am a bit confused here - did you use the text editor to read the flag or escalate privs? If the former, it shouldn’t work on this box.

Due to permissions it was possible to read the root flag, for whatever reason it just wouldn’t open the root.txt - managed to get it working following the box starting back up.

I got the flag without actually being root from the p**v file. Does that make sense? Submitted my flag which is valid, but I still don’t get how this is root… would love some guidance

I really struggled with this box for some reason. The jump from the first pseudoshell to the first full user was painful and I was tearing my hair out. It turns out, I had all the pieces of the puzzle in front of me, but I just wasn’t putting them together, instead I was staring at them. (I created my own rabbit hole trying to do all sorts of things)

Can someone PM me with how they got the USER1 to USER2 to work? I found and cracked the hash and retrieved the key, but wasn’t able to log in at all, falling at the last hurdle.

Also, what was the cURL method? I gave up on that pretty quickly.

I found a different way around, but am curious to know other ways for future reference.
Thanks all <3

@omerxx said:

I got the flag without actually being root from the p**v file. Does that make sense? Submitted my flag which is valid, but I still don’t get how this is root… would love some guidance

Someone broke the box before you attacked it because they didn’t understand how the box works.

@giantruby said:

I really struggled with this box for some reason. The jump from the first pseudoshell to the first full user was painful and I was tearing my hair out. It turns out, I had all the pieces of the puzzle in front of me, but I just wasn’t putting them together, instead I was staring at them. (I created my own rabbit hole trying to do all sorts of things)

This has happened to lots of people.

Can someone PM me with how they got the USER1 to USER2 to work? I found and cracked the hash and retrieved the key, but wasn’t able to log in at all, falling at the last hurdle.

Happy to discuss this but it’s likely to be down to not using the key properly. Or, given how much people mess with this box, someone changed the key so you didn’t get a valid one.

Also, what was the cURL method? I gave up on that pretty quickly.

How did you get the key?

I found a different way around, but am curious to know other ways for future reference.
Thanks all <3

@TazWake said:

@omerxx said:

I got the flag without actually being root from the p**v file. Does that make sense? Submitted my flag which is valid, but I still don’t get how this is root… would love some guidance

Someone broke the box before you attacked it because they didn’t understand how the box works.

Thank you! Went back and did it the right way.