Book

Wow, what a nice yet challenging box! user was way harder than root if you didn’t know the attack vectors. Thanks to @marlasthemage for the nudges to point me to the right direction! And thanks to @MrR3boot for another “nasty” experience. After all the struggle with user I at least added 2 additional vectors to the arsenal. Read and learn is so true xD
As always I’m happy to help!

Rooted :slight_smile:

You can PM me for tips

Rooted! Big thanks to all who helped me! :slight_smile:

Learned a lot

Owned this cute box. The exploit for root is very easy, user was a bit hard. But it is an amazing box. Thanks for the creator as always… :wink:

Hello,
I know the privesc needs to play with lro*.
But is it to exploit an apache vul like cfca**** or not at all?

THanks for your answer

mother of pearl that was hard getting user. Learned a ton and onto root!

Type your comment> @Tempuslancien said:

Hello,
I know the privesc needs to play with lro*.
But is it to exploit an apache vul like cfca**** or not at all?

THanks for your answer

You are on the right way with your first statement. As mentioned there is a well documented tutorial to exploit this vulnerability which you can use with almost no changes. Try to understand why you have this files in your user directory and what happens when the vuln program runs.

nice box, took me forever to get user, but then root was pretty straight forward after some enumeration and googling.

@reini thank you so much!

Hi! Some nudge to get into the admin pannel? I know what to do but not how actually do it. I tried many things and nothing works.

@TheDante98 said:

Hi! Some nudge to get into the admin pannel? I know what to do but not how actually do it. I tried many things and nothing works.

Is this any help?

Type your comment> @TazWake said:

@TheDante98 said:

Hi! Some nudge to get into the admin pannel? I know what to do but not how actually do it. I tried many things and nothing works.

Is this any help?
Book - #333 by exzandar - Machines - Hack The Box :: Forums

Yeah, I know I have to overwrite it. The thing is I don’t know what uncommon technique to use and it is hard to google it. I’m trying everything in Burp. I can PM you with the things I tried and managed to do.

Finally rooted after a whole week. Overall super awesome box I learned a TON with this one. Really had to work to make it past each step.

@TheDante98 said:

Yeah, I know I have to overwrite it. The thing is I don’t know what uncommon technique to use and it is hard to google it. I’m trying everything in Burp. I can PM you with the things I tried and managed to do.

ok

Type your comment> @TazWake said:

@TheDante98 said:

Yeah, I know I have to overwrite it. The thing is I don’t know what uncommon technique to use and it is hard to google it. I’m trying everything in Burp. I can PM you with the things I tried and managed to do.

ok

No prob, I just got it, @Cedgar helped me. It was really easy, I was just missing a thing. I won’t forget this lesson though. Thank you very much to both of you!

Great box, Kudos on this. Really liked the different methods here and it was a good learning experience!

Definitely enough hints in this thread, best I can say:

User: see all the other comments, nothing better to say here

Root: Once you learn how things switch in and out, RTFM, and compare what you found online with what you have available. Once you tweak it correctly, if you aren’t getting the expected output, be sure try a few times and different ways, sometimes things you think won’t work, but they eventually will :wink:

I’ve managed to get something important that should let me in on a small port. It doesn’t seem to be working though and I’m completely stuck. I have tried my best not to ask for help and I’m proud how far I’ve gotten but if someone could PM me I’d really appreciate a nudge.

@Baz928 said:

I’ve managed to get something important that should let me in on a small port. It doesn’t seem to be working though and I’m completely stuck. I have tried my best not to ask for help and I’m proud how far I’ve gotten but if someone could PM me I’d really appreciate a nudge.

Chances are good that your content is missing some characters at the end of each line.

Look for a different way to read it.

Rooted !
DM if you stuck

After banging my head during 3 days I got user. 1 day totally spent in syntax errors and some crazy things. It was always in front of me! I’m really enjoying this box, it has many little things where you can learn.

Thanks to @TazWake! He gave many useful tips around this thread!

DM if you need help!