Traceback

@hawksvision said:

connectivity issue the site is not reachable

For issues like this, it is probably better to raise a JIRA ticket so HTB can become aware of the issue and fix it: Jira Service Management

In practical terms, almost no one reading the forum threads can solve a problem with the box.

Finally rooted - thank you @p4ncake for your hints…

Rooted!

Foothold:
Really simple. What is the first thing you do when you have a web app? Is there any comment that can help you? Where would someone post public available code? Google is your friend on this one.

User:
Things get creative here. You are in, you have a shell. What is the first place you will go? Get the clue as valuable. How can you execute things that are not in other’s home dir?

Root:
Here I was rabbitholed for too long. Enumerate the processes and understand what is being loaded and with which privileges. Look for something that executes everytime you log in.

It is kind of non motivating to see more expert people taking 30 min, 1 hour on this box (at least on comments), so I won’t hide this box took me about 6 :smile: enjoy it at your own pace!

finally rooted and it was fun to learn new things

Stuck at root flag part, any help would be much appreciated. :smile:

Nvm rooted Finally. :smile:

Rooted this one as well! Seems like I was just in time. After getting the root flag the box died and now I can’t get in anymore with my backdoor. Looks like someone slammed the reset button 5 seconds after I got my flag.

This box was fun and not that hard to crack. Enough tips are given here. I don’t think I need to repeat them again. But if you need a nudge feel free to PM.

Please also mention the box you are asking help for since I get a lot of PM’s lately about different boxes.

Can anybody help with root? Don’t know what to do

Just popped root :slight_smile: super fun box!

User: To find what ye seek, you must go back to the source of what you’re searching.
Root: Definitely was overthinking this one at first, by far the most helpful tool was pspy. Also, you don’t need to be super quick, in the world of bash you can do cmd1; cmd2; cmd3 and they’ll execute in order.

pwned and rooted.

Useful tips on page 26 and 27, the only ones I had to look at to get the insights I was missing. Not a hard machine in concepts though, although my inexperience with the tools payed a price here.
Had lot’s of fun, not that much frustration this time and as always, learned a lot.
I will be around if hints are needed.

Well that was a fun one. I had all the parts but needed to refresh on one tech. Can help with non-spoiler nudges but let me know what you tried first and where you are.

Spoiler Removed

Just rooted. Cool, but without clues on this forum, it would be too much guessing (especially for initial foothold). However, I found it pretty fun box.

Feel free to PM for nudges.

I’ve gotten too the part where you move into the folder but I get this error when in the machine. I reset it and got it again can someone help ?

Welcome to the Luvit repl!

Uncaught exception:

[string “bundle:deps/readline.lua”]:485: attempt to call method ‘set_mode’ (a nil value)
stack traceback:
[string “bundle:deps/readline.lua”]:485: in function ‘readLine’
[string “bundle:deps/repl.lua”]:198: in function ‘start’
[string “bundle:main.lua”]:137: in function ‘main’
[string “bundle:init.lua”]:49: in function <[string “bundle:init.lua”]:47>
[C]: in function ‘xpcall’
[string “bundle:init.lua”]:47: in function ‘fn’
[string “bundle:deps/require.lua”]:310: in function <[string “bundle:deps/require.lua”]:266>

so did someone break the machine as this happens between resets or is this an intended thing ? it seems like its having issues with the program it self and loading the needed functions ?

@Jowens066 said:

I’ve gotten too the part where you move into the folder but I get this error when in the machine. I reset it and got it again can someone help ?

Welcome to the Luvit repl!

Uncaught exception:

[string “bundle:deps/readline.lua”]:485: attempt to call method ‘set_mode’ (a nil value)
stack traceback:
[string “bundle:deps/readline.lua”]:485: in function ‘readLine’
[string “bundle:deps/repl.lua”]:198: in function ‘start’
[string “bundle:main.lua”]:137: in function ‘main’
[string “bundle:init.lua”]:49: in function <[string “bundle:init.lua”]:47>
[C]: in function ‘xpcall’
[string “bundle:init.lua”]:47: in function ‘fn’
[string “bundle:deps/require.lua”]:310: in function <[string “bundle:deps/require.lua”]:266>

so did someone break the machine as this happens between resets or is this an intended thing ? it seems like its having issues with the program it self and loading the needed functions ?

Does this also happen, when you just load the repl, without any parameters?

This is my first box ever. It took me a few hours.

Once I became root, I used my root privileges to chattr +i all of the flags and the .bash_history of root and the other two accounts after clearing them. This way no bash history can be recorded, preventing it from giving away clues from other users. Only root will be able to delete critical files now. This could have been done “out of the box” by the author.

@Karatekid430 said:

This is my first box ever. It took me a few hours.

Once I became root, I used my root privileges to chattr +i all of the flags and the .bash_history of root and the other two accounts after clearing them. This way no bash history can be recorded, preventing it from giving away clues from other users. Only root will be able to delete critical files now.

Well, on your server and until it is reset, yes.

This could have been done “out of the box” by the author.

True - and certainly worth suggesting. I’ve found quite often Linux boxes desperately need the creator to make critical files immutable - OpenAdmin was a good example of this.

Finally able to get user and root flags, very fun an simple box.

Can anyone PM me how they managed to get a root shell? I wasn’t able to so I had to get the flag in a very dirty way.

Rooted, very straightforward box

Foothold: no actual vulnerability, just traceback with some osint

User and root basic enumeration will help, just try to know what the box is doing

Feel free to pm if you need any hint

Very easy machine. Easiest of the easy machines I have owned. User to root just took me 15-20 seconds! I don’t know if that was intended or not.

Foothold : comments and irrelevant words always lead you to something interesting.

User and Root are just very basic enumeration you do for linux.

Feel free to pm if you need any hint