Bashed

Hi. Brand new in HTB :slight_smile: and for two days handlling with bashed. Very straightforward to get user.txt /… after that: I got the reverse shell (interactive shell) I did su to an other user … found a script… and after that, I’m getting completely crazy trying to finde the way to gain root. I’m not asking for help… yet … just thinking loudly (and sharing with you). On Sunday Bashed will be removed and I have to hurry up, but I’m very stuck right now. Greetings to all!

Finally I got the root.txt flag, without being root, playing with the scripts we all know. I don’t know exactly why it works getting the flag from there. I some could explain me via PM I would be very gratefull, since my real flag y to learn

Yes!! now I’m root !!! … Sometimes the solution is more like a puzzle than a technical matter :slight_smile: (lateral thinking)
but actually I still don’t understand WHY could I retrieve the flag without being root, as I shared in my previous post

I’ve understood why before gaining root I was able to obtain root.txt … the reason is directly related with the way I gained root access later, but wasn’t aware of that at that moment. Now everything is clear :slight_smile:

well im new to this whole hacking thing and im having trouble getting a foothold in poison. This is the first box im trying and ive gotten the encoded password, but I cant figure out where to go from here. Feel free to PM me as I know the answer will be “enumerate more”, but I can’t figure out how. Could someone please at least point me in the right direction?

on it as well

I don’t know if what I’m gonna say could be consider spoiler or just a hint, but… since bashed is gonna be disabled soon, let me say you the following
The difficulty here is more a matter of close view than techical (of course one must to have some basic skills) . So the hint is: “Try to figure out why some strange things could be happening” :smiley: Enjoy!

once you enumerate and discover the way the flag you want is -u :slight_smile: some googling back when I did this box had me stumble upon that option with the command and all was well.

Many thanks Kinjo!!! Was blind but now I see…!!!

Hi everybody, I would like a little push on PM. I think I am quite close, but since I am new to the privilege esc I am stuck. Would be nice to tell someone what I have done till now and how to proceed.
Cheers!

An other hint: “Review concepts like ownership and permissions”

Now that it is retired I can’t wait to read the write-up.
Got the user.txt but I couldn’t get the root.txt.
It was my first machine, though!

@HASLima said:
Now that it is retired I can’t wait to read the write-up.
Got the user.txt but I couldn’t get the root.txt.
It was my first machine, though!

also you can see the ippsec video on youtube

the machine was retired and my points too, why? is it normal?

@K43P said:
the machine was retired and my points too, why? is it normal?

yeah, when machine retires, points retire to

@w31rd0 said:

@K43P said:
the machine was retired and my points too, why? is it normal?

yeah, when machine retires, points retire to

OHHH WTF!!!

Hey guys… i got an idea which file i need to modify… but i am not understanding what should i do with that …i tried a lot of things from last 3 days but not able to get root

Hi. If any one can help me, in pretty sure I know how to get root but something is up with my python. If you are decent in python and have rooted this machine can you send me a message? Thanks!

@BanalFutility said:

Hi. If any one can help me, in pretty sure I know how to get root but something is up with my python. If you are decent in python and have rooted this machine can you send me a message? Thanks!

There are an awful lot of write ups for this box - including an official one and an ippsec video tutorial. You could skim through one until you get to where you are stuck.

@TazWake, Yeah I read the write up it doesn’t help with my question on python but it confirmed I was correct in how to get root. Stil, my questions in python remain so if any one can help and has root on this machine dm me. I don’t want to post more details as I don’t want to spoil for any one who may attempt this box.