OpenAdmin

@poots said:

Any nudge on what to enumerate for root?

Have a look at what the user is allowed to do as a super user.

Going for user, found an exploit to use however when running the .sh I get “syntax error: unexpected end of file”, and getting nothing with metasploit. Anyone get this and know a quick fix?

@squire said:

Going for user, found an exploit to use however when running the .sh I get “syntax error: unexpected end of file”, and getting nothing with metasploit. Anyone get this and know a quick fix?

dos2unix.

am i supposed to get keys of joanna? cuz when i see main.php, its executing a command of printing the keys!!
kindly help me proceed further!

Stucked on privilege escalation as usual u_u
I already escalate from www-shell and login into the machine with the info found there (j***y shell)
Can anyone give me a hint about how to get next user please?

just rooted
improved my enumeration skills:
taught me to use tools!
PM for hints! would be happy to!
thanks to @TazWake

I read a lot of “John” here, but uncle john isn’t needed.
Many ways to skin a cat, but using John here is like trying to explode the door of a safe, when the window right next to it is open…

Hi Guys,

i am very new to HTB and “hacking” in . I have both flags but when i try to submit flags on HTB, it throws me error. is there a way we submit flags?

@RedLotus said:

Hi Guys,

i am very new to HTB and “hacking” in . I have both flags but when i try to submit flags on HTB, it throws me error. is there a way we submit flags?

As far as I know OpenAdmin doesn’t use Dynamic Flags, so it depends on what the error says.

For example, you do need to select a rating before you submit, that often throws people.

If all else fails and you are confident you have selected a rating and have the flag from user.txt, you can raise a ticket on JIRA for HTB to investigate.

@RedLotus said:

Hi Guys,

i am very new to HTB and “hacking” in . I have both flags but when i try to submit flags on HTB, it throws me error. is there a way we submit flags?

For some time, now, flags have become dynamic. This means that they (usually) change with every reset of the machine. It is thus advised to submit the flags as soon as you discover them.
If a flag doesn’t work, even when you immediately submitted it, try resetting the machine, wait a few after the reset, obtain the new flag and submit it. There seems to be a delay between “the machine is back up, again” and “the new flag has been generated on the machine”.

Hi, Ive rooted the box earlier but not the john-route. Today I went back and want to manage to get in that way, but johns answer seems to be incorrect? DM me if you have any nudge/comment on that?

Edit: I manage to solve this one with some help from a member on the forum :slight_smile: Error located between screen and chair.

I reached the final step of the 2nd users and found the super privileged command, but didn’t know how to use it to get the root.txt flag
any hints?

@n0Idea said:

I reached the final step of the 2nd users and found the super privileged command, but didn’t know how to use it to get the root.txt flag
any hints?

Read back through the past few pages - this has been asked a lot, or use the search feature to find relevant posts.

Its hard to add anything to what has been said before without a massive spoiler.

@gnothiseauton said:

I read a lot of “John” here, but uncle john isn’t needed.
Many ways to skin a cat, but using John here is like trying to explode the door of a safe, when the window right next to it is open…

@kbotnen said:

Hi, Ive rooted the box earlier but not the john-route. Today I went back and want to manage to get in that way, but johns answer seems to be incorrect? DM me if you have any nudge/comment on that?

I’d be fascinated to know you bypassed the need for John (or some equivalent tool) on this box.

Happy to discuss in private if that is easier.

Type your comment> @TazWake said:

@n0Idea said:

I reached the final step of the 2nd users and found the super privileged command, but didn’t know how to use it to get the root.txt flag
any hints?

Read back through the past few pages - this has been asked a lot, or use the search feature to find relevant posts.

Its hard to add anything to what has been said before without a massive spoiler.

I know the sudo command to run, but when i run it it just opens the file on nano
tried writing bash script inside of it, but didn’t know how to execute it

@n0Idea said:

tried writing bash script inside of it, but didn’t know how to execute it

Go back and read the tips. Running the command correctly is the first part.

Type your comment> @TazWake said:

@n0Idea said:

tried writing bash script inside of it, but didn’t know how to execute it

Go back and read the tips. Running the command correctly is the first part.

I did, i will dm you

Rooted
Thanks to @TazWake
Hint for root: Did u ever hear of GTFObins?

I’d be fascinated to know you bypassed the need for John (or some equivalent tool) on this box.

Happy to discuss in private if that is easier.

Probably the best hint I can give: given anyone who uses john, should know why they actually do that step, just know you can do that same thing you are trying to achieve without ever needing john… but even that seems almost like a redundant explanation: cause the reason anyone would grab for john, ‘is’ because they already know about this principle in the first place. It then may take some time to read up on the ‘how’, but still…

Point is: forget john, open a manual before you open john and you should pretty much find what you are looking for on the first page.
Then again, to place this in a perspective of reality: although it’s simple in the end, I’m new to this and it took me about 2 days to turn this machine inside out. So no harm if you spend some time figuring it all out: it’s worth it.

@gnothiseauton said:

Point is: forget john, open a manual before you open john and you should pretty much find what you are looking for on the first page.

I think I need to PM you about this because there is something I simply dont get here.

The thing you need to use John for is a fundamental control to prevent misuse of the thing itself. If you can trivially bypass it then either there is something I’ve completely misunderstood (often the case) or a few assumptions over the years have been badly made.

If the thing can be used without unlocking it, the lock is pointless and that should be true everywhere.