@TazWake I know, it’s wild, it has been stumping me for quite some time.
Yeah I will insert my nc one liner into the file, trigger it, pop a shell and it will be sysadmin again. It works every time using any of the four or five files that are there.
But when I try to do the same thing like cp the flag to a different location or add my ssh to the root location, I receive that permission denied message. I am going to try and watch it, I thought about doing that earlier but didn’t do it. That may be the key. Maybe it is in fact working sometimes, I just am not realizing it.
Ok, something isn’t working correctly.
The attack needs to be in the correct place and triggered in the correct way for it to work. It should be simple but as is so often the case, that just means lots of things can still go wrong.
@TazWake hmm… yes, the correct place, perhaps that is it. Another reason why I was wondering about the echoing instead of manual edit, but I figured it shouldn’t matter.
It is for sure some little thing that I am doing wrong that I haven’t realized yet, but I will eventually. One of those things you get and you’re like “god how did I miss that”. Thank you for your help!
Initial Foothold: OSINT using the information you find on the homepage for the web server. One of them will work. I suggest saving all their names to a text file and giving them to gobuster to do the heavy lifting. Need a password? How about you read the source code.
User: Took me way too f**king long because I was trying to be too clever about it. Don’t bother with a reverse shell for this stage, save that for once you actually get the user account. Start simple, with a shell. You’re gonna need to “learn” a new language to get this shell to work. Also, don’t be lazy… read the man page for sudo.
Root: What processes are running? You probably won’t be entirely too familiar with the process running, so do some Googling. Even 10 minutes is enough to get an idea of what you’re going to have to do. You’ll need two terminals. Don’t bother editing any files directly, just append to whatever you wanna edit via >> rather than trying to edit and save. You won’t be fast enough.
Pretty fun box, and I actually enjoyed the CTF elements since they were done well.
I am getting this “load pubkey id_rsa : invalid format” error while SSHing to the s****min account. I am quite sure I placed the pub key in the right way, why does this not work?
Rooted!
First box that took me less than a day, also the first that I didn’t have to message anyone for specific help about. Forum comments did help me though.
I thought this was a good box that linked together a few different techniques that had come up in other boxes. It took me a while to think through the steps but it all made sense in the end.
PM me if you need help!
All the hints for foothold are very cool, but!
Git repository where you’ll find the list of shells IS NOT THE AUTHOR’S
Cause he has just the same repo, but other shells, stuck on it for soooo long lol
After editing the a*********_***s and I try to login, it doesn’t accept it. I make sure that the file is how I left it but nothing happens. Any hints? I also tried to run a lua script but it didn’t work.
Chances are the file isn’t how you left it. A lot of people don’t understand the difference between > and >> so have a tendency to overwrite the existing files here.
Well, I didn’t realize I was putting the wrong key actually and I feel dumb about it.
Anyhow, I managed to get the flag but my question is, was this machine only to get root or is there user also?
All HTB boxes have both flags, this one is no exception.
The user account you need to be in to get root has access to the user.txt flag.
When trying to SSH to 10.10.10.181 I am getting a password prompt. I didn’t configure any password while regenerating the SSH keys. Is anyone getting the same message, a password prompt?