@senorbueno said:
I’ve been looking at this box all day, I’ve identified two services. I’ve enumerated one successfully, the other I have had no luck getting additional info from. I have usernames found. I cannot seem to gain a foothold though. I think I’m probably going down a rabbit hole, and/or missing some simple utilization of one of the services to login. Looking for any hints or help. PM plz
Do some more enumeration. How thorough were your initial scans? A slower, complete scan is usually a good idea when your initial scan seems to be missing something.
KSEC
May 9, 2018, 4:33pm
130
So I’ve got access to both users on box and the user.txt
Stuck trying to priv escal to root… Can see one tool that an be used via sudo but no way to leverage it ?
meni0n
May 9, 2018, 5:33pm
131
Same here, I can see the tool but get permission denied using it it to try to run anything
SirFIS
May 9, 2018, 8:20pm
132
@IVWKCSEC said:
So I’ve got access to both users on box and the user.txt
Stuck trying to priv escal to root… Can see one tool that an be used via sudo but no way to leverage it ?
PM me
I’m also available to help people stuck on the box
sk2k
May 9, 2018, 8:31pm
133
@meni0n said:
Same here, I can see the tool but get permission denied using it it to try to run anything
i dunno man , i’m pretty sure there’s plenty of things you can pass to it that’ll run
Please stop messing with important files likes /etc/sudoers
Got root. That was interesting. PM me if you need help.
meni0n
May 10, 2018, 1:31am
136
■■■ that was too easy, right in front of my face…
Spoiler Removed - Arrexel
Got the root flag finally. PM if you need help
dneyed
May 12, 2018, 10:04am
140
@sk2k said:
@meni0n said:
Same here, I can see the tool but get permission denied using it it to try to run anything
i dunno man , i’m pretty sure there’s plenty of things you can pass to it that’ll run
Subtle hint. Thanks still getting permission denied. tried everything I can think of, man!
Anyone able to help me with user? I’m connected. Found a file just wanting to know if i’m on the right path PM if possible
@dneyed said:
@dneyed said:
@sk2k said:
@meni0n said:
Same here, I can see the tool but get permission denied using it it to try to run anything
i dunno man , i’m pretty sure there’s plenty of things you can pass to it that’ll run
Subtle hint. Thanks still getting permission denied. tried everything I can think of, man!
Nevermind! got it
I wish I could. I cant think of anything and the regular resetting after people alter the assorted system files is frustrating…
MartyV
May 16, 2018, 12:29pm
145
Root was pretty easy, but it was like: type 2 letters, wait for a minute, type 2 letters, wait for a minute…
I think the host is just bad design. HTB guys should change it or retire it.
Aabkar
May 16, 2018, 1:25pm
146
lol, i got disappointing with the privesc too, i though it will be much harder than this, anyway i learned to pay attention to every switch in every tool!
dneyed
May 16, 2018, 7:50pm
147
Nevermind! got it
I wish I could. I cant think of anything and the regular resetting after people alter the assorted system files is frustrating…
There should be no need to alter system files. All can be done without.
21y4d
May 17, 2018, 6:49am
148
I have a list of users, a list of potential passwords “guessing/like previous boxes”, and a way in.
Since I cannot manually try all passwords for all users, I used Hydra to do it for me, but no matches
There’s no clear user, all of them seem system defaults, and the enum says only root has logged in before…
Any hints?