If anyone wants to help me in understanding something more, please pm me, becasue i have the horrible sensation of having missed something that is worth to learn…
I’d be happy to discuss this because I cant see how you’d get to the root without hopping through user.
If anyone wants to help me in understanding something more, please pm me, becasue i have the horrible sensation of having missed something that is worth to learn…
I’d be happy to discuss this because I cant see how you’d get to the root without hopping through user.
I really enjoyed this machine. Many many hints exist on here, I don’t think I can add anything at least. Cheers to @ASHacker for a decent box. DM me, should you wish, for nudges or poke me over on Discord.
A very honest tip gained from struggling, if your P*P is disabled/not working and restarting doesn’t help switch to a different server immediately. for the EU free server it was impossible to work on due to instability of machine and people who use exploits without knowledge and consideration about others !!
Just GotRoot! This is one of my favorites boxes. Not sure if I followed the designed path but I got root before I got user, curious to see other peoples wright-ups later on. I did get stuck twice on this box ( initial foothold and root privesc)
Nudges: Initial foothold: Don’t overthink this or go for the rabbit holes. Make sure to enumerate the page and read everything for clues. Once you know you are in the right place GOOGLE. User: Once you find yourself with a shell enumerate and investigate anything interesting Root: Easiest root I’ve ever done. simple privesc script and a quick google is all you need
Congrats to @ASHacker for making an excellent box. If you are still working on it, do not get ahead of yourself w/fuzzing. The rest should fall into place.
Took me too long to get the initial foothold. I don’t think I followed the designed path. I got access to one of the accounts (without flag) after initial foothold, and then immediately got root (and thus user 10 seconds later)…
Fun box. Real life enough to be encountered for real somewhere.
Hints:
Initial: You don’t need to search for exploit code once you find the interesting part. It’s more interesting to use the big text somebody has written. Just use tools made for the job, to find credentials and get your foothold.
With foothold: Enumerate, and think about the name of the box
Well, I got to the r******r.**p page, but whatever I do it doesn’t let me proceed. What I’ve found, has to be done authenticated but nothing works. Could someone give me nudge?
Well, I got to the r******r.**p page, but whatever I do it doesn’t let me proceed. What I’ve found, has to be done authenticated but nothing works. Could someone give me nudge?
Well, I got to the r******r.**p page, but whatever I do it doesn’t let me proceed. What I’ve found, has to be done authenticated but nothing works. Could someone give me nudge?
Nevermind…I found what I needed.
WOW! I wasn’t expecting this! ROOTED! My first box in months after having to step out of HTB!
\m/ ROOTED …
Initial Foothold is the tricky one.
Next Exploit to get he shell is pretty easy which further requires enum …
User Flag is a peice of cake
Getting to root again is a tricky one … many hints are already present in the forum “GTFO” I was new to this term … many things to learn from this box…
The good feeling after getting done with the box. One of the boxes where you get initial foothold everything will be sequential. Enumerate and Enumerate. User was good fight but root was way too straightforward if it was intended. Anyways willing to help out the stuck ones
what a journey thanks for the creators not a hard machine but definitely a nice machine, i learned again about xxxxxcache , and added to my notes, i think get a 2 user from the first enumeration was not planed right? its a bug??
for root if you cant sudo -l try to look for groups, then is enough hints on this forum.
if someone stucks dm and tell me what you have and what you tried.