• Waouw what a pain!!!
    Finally rooted after days on it.
    Probably the hardest box I have done.

    I think the difficulty is that avoiding rabbit holes and detecting every little detail comes with a lot of experience.
    That is the hardest part to learn in pentest, not a special technique that you can learn but lots of practicing that makes you "feel" the right spot.

    Anyway, it makes me learn a lot of things about myself and probably increases my skills.
    Thanks @polarbearer and @GibParadox for the box.

    Feel free to PM for nudge.


  • edited May 2020

    Error in query (2000): open_basedir restriction in effect. Unable to open file

    I am using that rogue guy as local server, but I am always getting this message, is that normal?

    Edit: just rooted
    Such a great box. (:

  • > @rnshkkj said:
    > Error in query (2000): open_basedir restriction in effect. Unable to open file
    >
    > I am using that rogue guy as local server, but I am always getting this message, is that normal?

    Hi, other people gave the answer on the forum.
    So, maybe you have this message because you are trying to open a file that you don't have the reading rights for ;)

  • Is it necessary to do a reverse shell from the snake, or is there a way to spawn a shell directly from within sh****.p*?

  • edited May 2020

    Hello guys. For foothold how to figure out what file to read after the exploitation? Is something that I had to know from the enumeration? Or something else? Thank you!

  • Just popped root :). Wow! What a fun box!! Outstanding work to the creators!!

    User: I use ffuf for dir fuzzing, for this box you definitely want to look over all the options of '-h' and look for other ones that might be useful when brute forcing.

    Root: This took me longer than it should have, read the man pages for sudo and python and also pay attention to what permissions you're allowed.

  • Hey guys, stuck after f** login. Could anyone please pm me some nudges? Thank you

  • > @roman1 said:
    > Hey guys, stuck after f** login. Could anyone please pm me some nudges? Thank you

    Extract and compare to live

  • I have mixed feelings about this box. Getting a foothold was painful but at the same time introduced me to some new fuzzing tools and some very helpful nudges. To get the user, it is possible to join the dots through the various files that are discovered during enumeration but only if you are aware that the admin tool that everybody probably knows is being superseded by the one used on this box. Getting the user after that was common sense if you remember that what appears to be used for access to one part can also be used to access another which seems to be quite common across a lot of the HTB boxes.
    My favourite bit undoubtedly has been the escalation to root. The sense of satisfaction of getting root was amazing. I thought I knew straight away how to get there until I realised that the permissions had been set in such a way that it wouldn't be possible. Thanks to google and a couple of very good articles, I have a better understanding of the paths the snake takes and how you can make it go down paths that you want it to. The elevator can help with a key to ensure that things stay as needed so your exploit calls home. I wouldn't say this was an easy box but does teach that as you gather each piece of information you need to enumerate everything again as additional bits can appear from one step to the next.
    Thank you @TazWake and @killerhold for the nudges very much appreciated.

  • I just got a user.
    It was not so easy.
    I think this box should have a medium rating.
    Hint for user: if you're not comfortable with MySQL, you can read this article:
    Hope this is not a spoiler

    Now for root...

  • And root !!!
    To my surprise root was not difficult, maybe because I already dealt with something similar.
    Hint for root:
    Think how to trick a snake in a library.

    PM me if you need help.

  • Finally got root. I clearly missed something important in the beginning and I'm not sure why I overlooked it for hours on end. Weird.
    Many thanks to the ones who gave me a push in the right direction.

    And, of course, thanks to the creators of this box.
    (Not sure if I would rate it easy though, but enough said about that)

  • That was painful. Thanks to @roumy and @ixxelles for hints.

    PM me if stuck.

  • I could use a gentle nudge :) I have fuzzed my way to a credentials.txt but I can't wrap my head around how to get it so I can read in it. I have also dirb***** a lot but couldn't find the login page. Any advice is welcome

  • edited May 2020

    Could use a hint with the foothold here. Can't seem to find this login page. I think I have most of the other pieces.

    edit: rooted.

    def takes a lot of patience to properly enumerate everything, can't rush through it for user part.
    Root I needed to get some hints but overall not too crazy.

    DM me for help.

  • Which wordlists do you guys use?

  • > @CI9HER said:
    > Which wordlists do you guys use?

    There are many wordlists available as BIGbang.

  • guys, a help please.
    anybody who has rooted the box... pm me

  • finally rooted.
    Honestly, this box should be rated as medium at least.
    thx @ixxelles for putting me back on the right track

    echo start dumb.bat > dumb.bat && dumb.bat

  • Great box, all those users and passwords were a little bit confusing, but still more fun than swearing. After all it has great educational value.
    DM if you're stuck

  • edited May 2020

    Would you kindly stop DDoSing the box, yes?? Slow down

  • I am working on root. There is something silly I must be missing. I have modified library/module. Can someone DM me to let me know if I am on the right track or not?

  • What a well done box. I've really enjoyed this one, I don't understand why such a low rating. So my two cents:

    foothold: basic web enumeration you should always do. read what is written.
    user: read the sauce. it's a backup, may be a bit late - what may have the developer done since then?
    root: basic privesc enum you should always do. if you're lost and have no idea what to do, give yourself some time and read something on the topic of privilege escalation on Linux machines. It will be clear soon.

    And as always, don't forget what's the name of the box.


  • Great box. Enjoyed even the frustrating bits. Much respect to @TazWake for the help. If you need assistance, I guess I can help. Cheers.

  • Rooted,

    Pm for nudges :)

  • Just rooted

    Thanks to @ixxelles and @apalooza for the nudges, helped get past the wall I was hitting.

    Overall pretty dope box. The initial foothold definitely seemed the hardest. Root was super cool and definitely taught me something new.

    PM me for help

  • Rooted. If anyone needs help, feel free to DM.

  • edited May 2020

    Just rooted the box. It was a brutal journey and I must say I kinda hated it for an easy box.

    The initial foothold, the enumeration was fun - piecing together all the clues and avoiding the rabbit holes, but hated the mysql config part and all the issues I ran into. Thanks to @T13nn3s for the comment here and the hint about the char limit.

    Running a few scripts showed me what to do for the root part. Even though it is pretty straightforward I struggled to get the reverse shell. There are a few articles that describe this, but everything needs to be tweaked and I definitely learnt something new about sudo here.

  • edited May 2020

    Can I pm someone to talk about getting user? I am kind of stuck on command target?


  • I have found both files in a****-**r, but I haven't found that login page that everyone keeps talking about. I have tried several wordlists with dirbuster and nothing...
    There must be something really obvious that I am not seeing... Can someone please give a hint?
