Official Blunder Discussion

Just rooted the box.
Easy box. Thanks to @egotisticalSW for creating such a cool and nice box.

If anyone needs a hint, message me.

DM for tips

Box has been too unstable for the last 3 hours, I can’t have 200 successful pings in a row… On VIP… ?

64 bytes from 10.10.10.191: icmp_seq=192 ttl=63 time=148 ms
64 bytes from 10.10.10.191: icmp_seq=193 ttl=63 time=148 ms
64 bytes from 10.10.10.191: icmp_seq=194 ttl=63 time=148 ms
64 bytes from 10.10.10.191: icmp_seq=195 ttl=63 time=148 ms
64 bytes from 10.10.10.191: icmp_seq=196 ttl=63 time=150 ms
64 bytes from 10.10.10.191: icmp_seq=197 ttl=63 time=148 ms
64 bytes from 10.10.10.191: icmp_seq=198 ttl=63 time=149 ms
^C
--- 10.10.10.191 ping statistics ---
230 packets transmitted, 121 received, 47.3913% packet loss, time 231831ms
rtt min/avg/max/mdev = 147.314/149.110/191.223/4.216 ms
root@kali:~/Downloads#

Edit: Finally got it…

Hello! Can anyone private message me for a hint on how to get R***** C*** E******** without using MS**? Thank you very much! =)

EDITED: Finally got it manually. I think it will be easy when the machine is not so unstable. :smiley:

PM for a nudge if needed!

rooted!
Struggled a bit with the foothold, but when I got in the machine the privesc to root was easy.
Feel free to PM if you are stuck :)

edited

Slightly deceitful “easy” box… because it has a few red herrings. Indeed, root is “easy” if you have heard of a specific kind of vulnerability, but if you haven’t…

Rooted!

  • Learn a nice new way to privesc :wink:
  • Struggle for foothold like a lot of people apparently
  • Rest is rather straightforward

Thanks @user0n3 for the nudge on foothold

Do not hesitate to PM if you need any help, happy to help :wink:

Rooted!

Foothold: Go****** is a better option here. Take a look at possible file types on the website. The next part requires the exact tool you have in mind, but you have to create your own list

User: Google search will help you here. Newer the better

Root: Go back to the basics of privesc.

PM if you need a Nudge

I think that this box has an OSCP-like feeling, with a lot of rabbit holes.
Learned a thing on the privesc part so I’m happy with this box.

Don’t hesitate to PM me for hints.

Rooted.
Definitely overthought a few things along the way, fun box.

would appreciate a nudge for user. got a shell, but i must be doing something wrong and can’t escalate to our user :T

@0x41 said:

would appreciate a nudge for user. got a shell, but i must be doing something wrong and can’t escalate to our user :T

enumerate more. a piece of information you already have has some things. are all the things completed?

pm me if you need another nudge.

I enumerated some of this machine yesterday and found a r*******.php file that doesn’t appear to be here today. is this expected? Was finding that file yesterday a fluke?

@Kainn said:

I enumerated some of this machine yesterday and found a r*******.php file that doesn’t appear to be here today. is this expected? Was finding that file yesterday a fluke?

I am assuming someone exploited the box and uploaded a file there and you saw it. I will say that file is not critical for this host.

@TheT3rminat0r said:

@Kainn said:

I enumerated some of this machine yesterday and found a r*******.php file that doesn’t appear to be here today. is this expected? Was finding that file yesterday a fluke?

I am assuming someone exploited the box and uploaded a file there and you saw it. I will say that file is not critical for this host.

That’s what I was leaning towards. Back to fuzzing. Thank you

Rooted, went down a massive rabbit hole trying to get the user. As soon as I got user, root was seconds away.

Pfffft, not sure if I like this box or hate it. Went through all possible rabbit holes imaginable. LOL
Many thanks to the creator(s)!

Rooted, Fun box! Congrats @egotisticalSW !

Just rooted this box, it was really fun @egotisticalSW! Need help, just DM.