Book

Finally rooted after a few hours! Overall concept was amazing! Here are my takeaways that might help.

User: Your foothold has two faces and in some ways will talk to each other. Once you figure out the link, think of ways you can get one face to disclose info based on what you tell the other.

Root: Once you enumerate and figure out what you have control over, the exploit is crafty and straight forward - be sure to eat your peas. For some reason, I had to try the exploit a few times after resetting the box, but eventually got my foot in the door.

Happy to throw bits of hints via dm - this was a great experience!

Spoiler Removed

Spoiler Removed

Spoiler Removed

Team, I have scored user.txt and have a shell as the known user. I have been attempting root on this machine for awhile now and I need help. I have enumerated with the usual l**pea* and psy. I see interesting services but unsure what to do with it. Any help would be amazing

@W4rF4ther take a look again at the 2nd thing you mentioned. There should be something interesting there. A thing you would throw on a fire. Once you find the thing, Google is your friend. Once you have your files in place, it may take a couple of tries.

I was never able to get a stable shell, but worked long enough to get the flag.

Youhou we have done a three combo spoiler removed!
Unfortunately got no time to see your answer to my question @TazWake and @OffsecGeek01 . Can you MP me your answer to my issue with mail and… you know such type of sqlthings… thank you!

Wow, what a nice yet challenging box! user was way harder than root if you didn’t know the attack vectors. Thanks to @marlasthemage for the nudges to point me to the right direction! And thanks to @MrR3boot for another “nasty” experience. After all the struggle with user I at least added 2 additional vectors to the arsenal. Read and learn is so true xD
As always I’m happy to help!

Rooted :slight_smile:

You can PM me for tips

Rooted! Big thanks to all who helped me! :slight_smile:

Learned a lot

Owned this cute box. The exploit for root is very easy, user was a bit hard. But it is an amazing box. Thanks for the creator as always… :wink:

Hello,
I know the privesc needs to play with lro*.
But is it to exploit an apache vul like cfca**** or not at all?

THanks for your answer

mother of pearl that was hard getting user. Learned a ton and onto root!

Type your comment> @Tempuslancien said:

Hello,
I know the privesc needs to play with lro*.
But is it to exploit an apache vul like cfca**** or not at all?

THanks for your answer

You are on the right way with your first statement. As mentioned there is a well documented tutorial to exploit this vulnerability which you can use with almost no changes. Try to understand why you have this files in your user directory and what happens when the vuln program runs.

nice box, took me forever to get user, but then root was pretty straight forward after some enumeration and googling.

@reini thank you so much!

Hi! Some nudge to get into the admin pannel? I know what to do but not how actually do it. I tried many things and nothing works.

@TheDante98 said:

Hi! Some nudge to get into the admin pannel? I know what to do but not how actually do it. I tried many things and nothing works.

Is this any help?

Type your comment> @TazWake said:

@TheDante98 said:

Hi! Some nudge to get into the admin pannel? I know what to do but not how actually do it. I tried many things and nothing works.

Is this any help?
Book - #333 by exzandar - Machines - Hack The Box :: Forums

Yeah, I know I have to overwrite it. The thing is I don’t know what uncommon technique to use and it is hard to google it. I’m trying everything in Burp. I can PM you with the things I tried and managed to do.

Finally rooted after a whole week. Overall super awesome box I learned a TON with this one. Really had to work to make it past each step.