Book

Rooted. The longest part was gaining admin creds, thanks @TazWake for the nudge. Great box, has a realistic vuln in the P** creation which was a new technique for me. Priv esc, relatively straightforward and there are lots of hints in this thread. Thanks for the box @MrR3boot

I rooted the box but can someone PM me how they figured out what activated the log****** or was it sheer trial and error?

ROOTED !

Check my signature for a tip or send a PM

@TazWake said:
@Tatik said:

I found id_rsa, passed it through pdfminer but I get a bad permissions error

That's because your permissions are incorrect. The error message pretty much says what you need to do - or man chmod.

Thanks so much :slight_smile:

Rooted. Thanks to @TazWake and @mimo for getting me over the hump at the start. Very new to that area at the beginning, I learned a great deal from this one. Great box @MrR3boot.

Can do PMs for help and support.

Wow… what a ride that was lol

@M3rlin said:

Rooted. Thanks to @TazWake and @mimo for getting me over the hump at the start. Very new to that area at the beginning, I learned a great deal from this one. Great box @MrR3boot.

Can do PMs for help and support.

Wow… what a ride that was lol

Glad I could be of help.

Can someone tell me if the “Role” field on the website changes its status once you log in as a****? I think I’m seeing the path to get foothold, but something still isn’t working.

@bigFish43 said:

Can someone tell me if the “Role” field on the website changes its status once you log in as a****? I think I’m seeing the path to get foothold, but something still isn’t working.

It won’t. You need to log in at the right place

@Watskip said:

@bigFish43 said:

Can someone tell me if the “Role” field on the website changes its status once you log in as a****? I think I’m seeing the path to get foothold, but something still isn’t working.

It won’t. You need to log in at the right place

Thanks a lot! Can’t believe I missed something that obvious. I shouldn’t do HTB boxes when I’m tired :slight_smile:

Why do I get signed out a few minutes after I sign in as admin??!

@c4ph00k (Page 11) Best hint for getting user 2.1 thank you. You saved me from going deeper into the injection rabbit holes I was trying…

Stuck at the root part.
Did you guys/gals modify the exploit for l…-…e?

Or am I overthinking it ? Would love some tips for directions here…

EDIT: Aaah never mind, the exploit ended up working fine while I didn’t change anything… So don’t hesitate to retry your exploits multiple times if you are sure of everything :wink:

Need help for root, I know it is vulnerable to l**r**** but I cannot rev shell
Thanks.

I am stuck at getting admin access. I think some kind of injection is necessary in the sign up form. I have tried many ways (sqli, special chars…) but can’t get anything. Any help?

ROOTED finally :smile:
Things that were not working before now worked.
A HackerOne report helped.

Thanks to alegou and TazWake !!

@Kevoenos said:

@bobd91 said:

Despite all the hints I am still stuck on user.
I have admin rights and can see from the hints that I can put something in the f*** u****d screen that will cause code to be executed on the server when it generates a p**
But I have no idea how any of that could work so would be grateful if someone would nudge me in the right direction.

There is a really helpful article on the internet about this kind of exploit. I will PM you the link to it

Can I get the link as well? :slight_smile:

Sorry guys, but … how can I get to the admin panel … I’m bleeding and have no idea

Stuck on root, how can I write the l** if I don’t have the required permissions…??