Nibbles

First ever hackthebox for me…

I am as far as the login page, I have browsed the file directory, used dirb, tried all defaults I know under the sun. NO IDEA what to look at next. Someone please help!

guys…
think simple…
until yesterday I made the same mistake…

I’m stuck trying to get my exploit to work. I’m using the obvious exploit, and have the username and password. Getting the typical issues with image.php. Have reset the box multiple times and tried several payloads.

Got it. I was pointing at too much of the URI… take a look at the source code if you are having issues. It appends something to the URI you provide.

got the web username, now to guess the password. Is it really that obvious or am I missing something…

Got root - I just wonder if it was the intended method :slight_smile:

I have user.txt, now onto root. Tough one though, not sure if I need to ssh to the box or use the meterpreter shell?

I got user.txt. Trying to find creds to ssh as the user instead of the meterpreter shell. Is that necessary?

I got user.txt stuck with escape tty, and how to run monitor.sh

@wanz327789 said:
I got user.txt stuck with escape tty, and how to run monitor.sh

How would you run something as root on any other system?

New to this and this is the first box I’ve tried. Got user pretty easy but stuck on what I feel is the very last step in privesc…

Got the user in a full shell.
I’m running the .sh file but can’t figure out how to ‘step in’ as it’s executing to grab the root user. I tried passing it to bash “./XXXXXXX.sh bash” but I get “TERM environment variable not set.” Thought maybe write a new file to replace the existing one with an exploit but don’t have write permissions in vi. Thought maybe I can pass the executing script to another shell but I have no idea how…

really ran out of ideas now so any help is massively appreciated! loving it so far though!

I’m in the same boat now, I have user and a reasonable shell. I just get kicked off every 3-4 mins by people restarting and I’m not sure yet how to get root.

Still stuck on finding shell… any clues? Maybe I’ve found it and just didn’t realize. Please help me out!

JOk3Rxvi, if you have the username and password then you should be able to use a known exploit to get a shell.

I’m giving up for the evening on /root/root.txt - I just can’t think anymore. :angry:

I got the username and password, and I know the exploit (I think), however when I get a shell I cannot type any commands. Any chance someone could help me understand what I am doing wrong? Won’t lie, I’m a noob.

@UN1X00 said:
JOk3Rxvi, if you have the username and password then you should be able to use a known exploit to get a shell.

I’m giving up for the evening on /root/root.txt - I just can’t think anymore. :angry:

I don’t know the username and password… that’s what I need help finding… :confused:

Can anyone help with this:

su: must be run from a terminal

@jc1396 said:

@dvnv said:
I found what I need to find to get root.txt… clearly should be able to use it to elevate. However, when trying to utilize what I found with the proper permissions, I’m seeing this:

“: unable to resolve host Nibbles: Connection timed out
: no tty present and no askpass program specified”

Any ideas here? Nothing I’ve been able to do, reading up on ttys, has been able to get this to work.

Same here…WTF?

Found any solution for this problem?

@g1ant372 said:
@MrChrisWeinert @dvnv @jc1396
Any luck with the TTY issue when trying sudo?

I feel this is the last thing to get root. But may be a common fix as I saw the same issue in Bashed, but didn’t end up needing it.

PM me if needed.

I am having this same issue. Need help.

Could someone help me out in PM if you have a minute?
I’ve edited the monitor.sh and tried catting the contents of root.txt to a temp file but got permission denied on cat.

Also tried nc to pass a root shell but that didn’t seem to do anything.