Hint for Sunday

@senorbueno said:
I’ve been looking at this box all day, I’ve identified two services. I’ve enumerated one successfully, the other I have had no luck getting additional info from. I have usernames found. I cannot seem to gain a foothold though. I think I’m probably going down a rabbit hole, and/or missing some simple utilization of one of the services to login. Looking for any hints or help. PM plz

Do some more enumeration. How thorough were your initial scans? A slower, complete scan is usually a good idea when your initial scan seems to be missing something.

So I’ve got access to both users on box and the user.txt

Stuck trying to priv escal to root… Can see one tool that an be used via sudo but no way to leverage it ?

Same here, I can see the tool but get permission denied using it it to try to run anything

@IVWKCSEC said:
So I’ve got access to both users on box and the user.txt

Stuck trying to priv escal to root… Can see one tool that an be used via sudo but no way to leverage it ?

PM me

I’m also available to help people stuck on the box

Hack The Box

@meni0n said:
Same here, I can see the tool but get permission denied using it it to try to run anything

i dunno man, i’m pretty sure there’s plenty of things you can pass to it that’ll run

Please stop messing with important files likes /etc/sudoers

Got root. That was interesting. PM me if you need help.

■■■ that was too easy, right in front of my face…

Spoiler Removed - Arrexel

@dshulman said:
Spoiler Removed - Arrexel

Try it and see

Got the root flag finally. PM if you need help

@sk2k said:

@meni0n said:
Same here, I can see the tool but get permission denied using it it to try to run anything

i dunno man, i’m pretty sure there’s plenty of things you can pass to it that’ll run

Subtle hint. Thanks :slight_smile: still getting permission denied. tried everything I can think of, man!

@dneyed said:

@sk2k said:

@meni0n said:
Same here, I can see the tool but get permission denied using it it to try to run anything

i dunno man, i’m pretty sure there’s plenty of things you can pass to it that’ll run

Subtle hint. Thanks :slight_smile: still getting permission denied. tried everything I can think of, man!

Nevermind! got it :slight_smile:

Anyone able to help me with user? I’m connected. Found a file just wanting to know if i’m on the right path :slight_smile: PM if possible

U r right.

@dneyed said:

@dneyed said:

@sk2k said:

@meni0n said:
Same here, I can see the tool but get permission denied using it it to try to run anything

i dunno man, i’m pretty sure there’s plenty of things you can pass to it that’ll run

Subtle hint. Thanks :slight_smile: still getting permission denied. tried everything I can think of, man!

Nevermind! got it :slight_smile:

I wish I could. I cant think of anything and the regular resetting after people alter the assorted system files is frustrating…

Root was pretty easy, but it was like: type 2 letters, wait for a minute, type 2 letters, wait for a minute… :smiley:

I think the host is just bad design. HTB guys should change it or retire it.

lol, i got disappointing with the privesc too, i though it will be much harder than this, anyway i learned to pay attention to every switch in every tool!:stuck_out_tongue: :slight_smile:

Nevermind! got it :slight_smile:

I wish I could. I cant think of anything and the regular resetting after people alter the assorted system files is frustrating…

There should be no need to alter system files. All can be done without.

I have a list of users, a list of potential passwords “guessing/like previous boxes”, and a way in.

Since I cannot manually try all passwords for all users, I used Hydra to do it for me, but no matches :confused:

There’s no clear user, all of them seem system defaults, and the enum says only root has logged in before…

Any hints?