Remote

@crypt0l0g1c said:
I got an initial shell, submitting the flag for user I get an error.

I also encountred this, try to reset box and try again.
Possible some users modified flag, not sure why would someone do this…

ok, who’s the “smart guy” that changed admin password ??
The credentials stopped working.

EDIT: Restarted the box, now works again.

Rooted via svc method, anyone can PM tip me on the TV method?

I am facing a bit problem in TV method need help.

rooted.
Fun Box. Thanks mrb3n

Found the username and password bahe to U***o but keep getting a session time out even when I restart the box? Any ideas what I could do?

Hey could someone help me with root, Im having some issues with priv esc…

Finally, got root with u…c. I haven’t much skills in hacking yet, and it was good experience for me, thanks to creator @mrb3n :slight_smile:

Type your comment> @GuitarGuy said:

Found the username and password bahe to U***o but keep getting a session time out even when I restart the box? Any ideas what I could do?

Are you going in the Graphical way? Try looking for any attacks against it. By it…i mean…U know.

finally rooted via service :smile:
Thanks for @h0plite for hint :star:

Will try another go at ROOT via the TV as well to learn that as well…

Took me whole day just because box was too laggy to respond to executed commands.

Thanks for owner for fun box !

Having issues running TV BO exploit, can someone help me out with it?

Could use a nudge for root. Focusing on TV but my enum shows no vuln or exploit for that version. Had a look relevant directories and files for hashes but cant find a path forward.
Thanks =)

Type your comment> @89jase said:

Could use a nudge for root. Focusing on TV but my enum shows no vuln or exploit for that version. Had a look relevant directories and files for hashes but cant find a path forward.
Thanks =)

What is the mushroom to Mario in Super Mario Bros.

Owned Administrator.
Very easy machine. Direct approach to all Vulnerabilities.
PM for little little nudges.

Type your comment> @3rpleThr3at said:

Type your comment> @89jase said:

Could use a nudge for root. Focusing on TV but my enum shows no vuln or exploit for that version. Had a look relevant directories and files for hashes but cant find a path forward.
Thanks =)

What is the mushroom to Mario in Super Mario Bros.

Ok, but when I tried running it, it didn’t work. I was In PS but the shell was inside MSF session. I don’t know if that matters.

Thanks for the tip @3rpleThr3at ! I used it to get the root txt but unsure how to actually get a session as Admin, do you mind PM’ing me how you went about this?

Edit: Cancel that, I spoke too soon. It seems like the command param that I use just doesn’t seem to work, tried every possible syntax. Could it be the newer version of this ‘Mushroom’?. Further tests and I’m pretty sure the Mushroom isn’t working. Can you PM me to help me trouble shoot?

My user.txt and root.txt seems to be invalid. Anyone else faced the same issue submitting the flags?

@kryptonbot1986 said:

My user.txt and root.txt seems to be invalid. Anyone else faced the same issue submitting the flags?

its been mentioned a few times in this thread.

You should have submitted the user flag as soon as you got as the flag changes every time the box is rebooted.

If you are getting the flags from a clean reboot and they aren’t working - you can try the tips mentioned elsewhere or report it to HTB via Jira.

Hello,

I found U******o, then I realize the mount part but after enum so hard, I swear I’ve open all possible files, can´t get any file of interest wich help me to the CVE.

Some nudge?

Type your comment> @89jase said:

Thanks for the tip @3rpleThr3at ! I used it to get the root txt but unsure how to actually get a session as Admin, do you mind PM’ing me how you went about this?

Edit: Cancel that, I spoke too soon. It seems like the command param that I use just doesn’t seem to work, tried every possible syntax. Could it be the newer version of this ‘Mushroom’?. Further tests and I’m pretty sure the Mushroom isn’t working. Can you PM me to help me trouble shoot?

Let us know how that goes please. Paddling down the same creek here.