Spoiler Removed
Awesome work.
finally rooted
thanks @TazWake and @0xpr0N3rd for all the helps
note: i spend about 4 hour on root exploit because ı forget to give permission something, its not hint but i hope no one make same mistake really stressful 4 hour
pm me for any nudge
Great Box
Thanks for the challenge
I have read the article about the t******ion attack but cannot get it to work, can anyone PM with a nudge or some direction?
@zalazalaza said:
I have read the article about the t******ion attack but cannot get it to work, can anyone PM with a nudge or some direction?
Use burp.
Finally.
root@book:~# whoami && id
root
uid=0(root) gid=0(root) groups=0(root)
Realy enjoyed the box and learned many things. Every box is a learning opt.
It’s scary, every several minutes connect to Book box is lost
Every minute… and it’s on edge-eu-vip-1.hackthebox.eu VPN
Guys, I cant get lr*** to trigger… It was working and suddenly stopped working…
I am doing same exact thing as i did when it got triggered… anybody faced similar issue?
I’m stuck on the root… can any body give tips about it?
I can’t start reverse shell my host unavailable from book.htd and I try use lo*****e and it doesn’t work
Type your comment> @TazWake said:
@zalazalaza said:
I have read the article about the t******ion attack but cannot get it to work, can anyone PM with a nudge or some direction?
Use burp.
thanks thats what I needed.
Finally rooted!
Thanks to @EvilT0r13 and @sh4d0wless…
Accurate hints are there by @somecanadian in page 9!
Great work MrR3boot…Looking forward to have similar boxes from you… Its true that difficult paths lead to beautiful destinations
Feel free to PM if need help
Well I finally rooted this box but wouldn’t have been able to do any of it without a lot of patience and nudges along the way from @TazWake and @wxadvisor .
uid=0(root) gid=0(root) groups=0(root)
python -c ‘import pty;pty.spawn(“/bin/bash”)’
root@book:~#
Each stage taught me techniques which I haven’t seen or used but will definitely not forget.
Rooted … If you need help ping me on discord !! icoNic#0097
Bypassing the guard on this one has got me stumped. I’ve tried URL, Unicode, octal, hex, string concat, mixed-case, inline comments. Can any nudge me towards the right one please?
Ignore this, it’s all unnecessary -_-
Hello,
could anyone give me a nudge about the X** thing? I read the noob article and I think I understood where to apply it but cannot get results Thanks…
@daemonzone said:
Hello,
could anyone give me a nudge about the X** thing? I read the noob article and I think I understood where to apply it but cannot get results Thanks…
The output is written to a file you need to download.