OpenAdmin

15859606264

Comments

  • @5uP3Rn0v4 said:

    Ahha! Eureka moment. I'm in as user 1 and I think I found what I need to get user 2.
    Thanks alot!

    Nice work.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited April 24

    Stuck again. Going for user 2, used john to help and got a pass but its saying incorrect password. Can I get a nudge please?

    Edit

    Figured it out, now to shoot for root!

    Edit 2
    Rooted! Finally figured out how to get the f*** out of user 2 shell.

    id
    uid=0(root) gid=0(root) groups=0(root)
    whoami
    root

    5uP3Rn0v4

  • Great machine - kudos to the maker!

    For hints, I would say initial access is very simple, and then you just need to think lazy admin for the rest of the multi-step process.

  • Great Machine! It was fun cracking it. But I didn't get all the points. I submitted both the root and user flag but was unable to get full points. Does anyone know, why is it so?

  • I'm stuck, can't find the priv esc I need way from www to user, can I have a nudge? Maybe DM so I can talk about what I tried?
  • Rooted
    For those who had an issue with John not working, I tried loading the 'file' in johnny (after doing *2john) and displayed what you're looking for.

  • Rooted PM for hints

  • Type your comment> @H0ru5 said:

    I'm stuck, can't find the priv esc I need way from www to user, can I have a nudge? Maybe DM so I can talk about what I tried?

    ENUMERATE.... you will definitely find something

    Hack The Box

  • if anyone can give me a nudge for root, that wud be much appreciated... :)

    Hack The Box

  • Type your comment> @thescriptkiddy said:

    if anyone can give me a nudge for root, that wud be much appreciated... :)

    To quote yourself :) ENUMERATE.... and especially check what inventory of tools User1 and User2 has access to. Most tools can be used in more than one way :)

    Fell free to PM if you want more hint.

  • Can anyone give me a little help? I discovered my weakness is enumeration because I'm stuck with www data

  • Type your comment> @H0ru5 said:

    Can anyone give me a little help? I discovered my weakness is enumeration because I'm stuck with www data

    To get around in a Linux system you need a username and some sort of credentials. See if you can find potential usernames.

    If you have found anything remotely interesting, have you tried to utilize it in some way? See if you can find credentials.

    You only need ‘cat’ and ‘ls’ command at this stage. Until you find some username and credentials, then you need an additional tool to test your findings.

  • My first root own. I had a lot of help from all the comments scattered throughout but learned a lot that will be useful elsewhere :) Initial foothold, user1 and root were easy enough; user 2 was the challenge but once I started looking in the right place it got easier.

  • Rooted !
    DM if you stuck

  • Type your comment> @GreyHat86 said:

    Can someone give me a nudge? found a possible R** for O***N******N. just want to check i'm not off down a rabbit hole.

    you are going right!

  • Rooted earlier today. msf failed me on this one, but was a fun journey. DM if hint is needed :)
  • Just rooted, let me be clear here with some stuff:
    0. Dont overthink, it is as easy machine
    1. Foothold should be a fast enum + google
    2. Getting the first user should be fast, all you need is cat, ls and knowing people use the same password for everything like in real world
    3. More cat and ls in different places and I found what I needed, got second user
    4. Getting root was ridiculous ctf like, piece of cake, go to the basics

  • Root it.

    any nudge pm me :)

    Hack The Box

  • Any nudge on what to enumerate for root?

  • Type your comment> @poots said:

    Any nudge on what to enumerate for root?

    you might wanna check for some special binaries... :)

    Hack The Box

  • @poots said:

    Any nudge on what to enumerate for root?

    Have a look at what the user is allowed to do as a super user.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Going for user, found an exploit to use however when running the .sh I get "syntax error: unexpected end of file", and getting nothing with metasploit. Anyone get this and know a quick fix?

  • @squire said:

    Going for user, found an exploit to use however when running the .sh I get "syntax error: unexpected end of file", and getting nothing with metasploit. Anyone get this and know a quick fix?

    dos2unix.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • am i supposed to get keys of joanna? cuz when i see main.php, its executing a command of printing the keys!!
    kindly help me proceed further!

  • Stucked on privilege escalation as usual u_u
    I already escalate from www-shell and login into the machine with the info found there (j***y shell)
    Can anyone give me a hint about how to get next user please?

  • just rooted
    improved my enumeration skills:
    taught me to use tools!
    PM for hints! would be happy to!
    thanks to @TazWake

  • edited April 28

    I read a lot of "John" here, but uncle john isn't needed.
    Many ways to skin a cat, but using John here is like trying to explode the door of a safe, when the window right next to it is open...

  • Hi Guys,

    i am very new to HTB and "hacking" in . I have both flags but when i try to submit flags on HTB, it throws me error. is there a way we submit flags?

  • @RedLotus said:

    Hi Guys,

    i am very new to HTB and "hacking" in . I have both flags but when i try to submit flags on HTB, it throws me error. is there a way we submit flags?

    As far as I know OpenAdmin doesn't use Dynamic Flags, so it depends on what the error says.

    For example, you do need to select a rating before you submit, that often throws people.

    If all else fails and you are confident you have selected a rating and have the flag from user.txt, you can raise a ticket on JIRA for HTB to investigate.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @RedLotus said:

    Hi Guys,

    i am very new to HTB and "hacking" in . I have both flags but when i try to submit flags on HTB, it throws me error. is there a way we submit flags?

    For some time, now, flags have become dynamic. This means that they (usually) change with every reset of the machine. It is thus advised to submit the flags as soon as you discover them.
    If a flag doesn't work, even when you immediately submitted it, try resetting the machine, wait a few after the reset, obtain the new flag and submit it. There seems to be a delay between "the machine is back up, again" and "the new flag has been generated on the machine".


    Hack The Box
    GREM | OSCE | GASF | eJPT

Sign In to comment.