Official Tabby Discussion

1568101121

Comments

  • edited June 2020

    Hi,

    it's possible to get some hints for privilege escalation from UID:997 to UID: 1000 ?
    After a few hours of research I have not yet noticed anything interesting ... obviously ... to my limited knowledge
    Even in PM, like: "study this topic ..."

    Thanks

    [EDIT]

    Thanks to: 0ryuk0, oxybro, y4th0ts, sulcud for your support.

  • Spoiler Removed

  • Type your comment> @termtype said:

    I am having issues with my user/root flags. They are saying incorrect for whatever reasons. Is anyone else experiencing similar issues? I think HTB has a flaw in their dynamic flag implementation or something.

    @TazWake likes to remind peopel that HTB can't fix the problem unless they know there is a problem. PUT IN A TROUBLE TICKET!

  • edited June 2020

    got root

    Initial foothold: a lot of time lost to identify the way, resolved using it locally. then a small wall for me using the wrong syntax (using single command without prompt)
    User: enough fast to get. it's a system migration, so....
    root: nothing new to identify the way and abuse it

    PM me if you need some hits

  • edited June 2020

    Type your comment> @ReverseBrain said:

    I successfully uploaded a war file via CLI but I get error 404 when I browse to it

    What message do you receive after successfully uploading the war file? It should specify the path for you such as "OK - Deployed **************** [/bah]"

    Arrexel

  • Type your comment> @ReverseBrain said:
    > I got access to host-manager panel but I don't find a way to upload files...

    Actually u can access anything else too for upload something
  • Rooted.
    Nice box, there isn't much I can add that hasn't already been said about foothold.

    The priv esc to root is nice, haven't seen that before.

    Hack The Box

  • Type your comment> @zer0bubble said:

    Type your comment> @termtype said:

    I am having issues with my user/root flags. They are saying incorrect for whatever reasons. Is anyone else experiencing similar issues? I think HTB has a flaw in their dynamic flag implementation or something.

    @TazWake likes to remind peopel that HTB can't fix the problem unless they know there is a problem. PUT IN A TROUBLE TICKET!

    Well, duh, I did PUT IN A TROUBLE TICKET, weeks ago actually!
    https://hackthebox.atlassian.net/servicedesk/customer/portal/1/HBS-6687

    ;)

    This was on Magic box though, had the same problem. It has something to do with the dynamic flags they've implemented. :)

    Arrexel

  • I've been trying for hours to upload a war file with curl, but all I get is a "401 - Unauthorized". Is there another user apart from t****t that i need to find to get there or did I just messed up the commands?

  • Type your comment> @7h3B4dg3r said:

    I've been trying for hours to upload a war file with curl, but all I get is a "401 - Unauthorized". Is there another user apart from t****t that i need to find to get there or did I just messed up the commands?

    Probably the syntax of your command, you have the correct user to do the job as it has the manager-script role.

    Arrexel

  • rooted last night. Fun box, all downhill from after the foothold, but really interesting PE :)

  • Rooted. DM for any nudges :)

    Taylur

  • edited June 2020

    Rooted. It was a amusing box.
    Foothold: The devil is in the details. If you can’t find something, try compiling the correct list of files.
    User: Country roads, take me home
    Root: You will see it right away.
    PM for hints

  • Finally Rooted. PM me if you need any nudge, I like to help :smile:

  • Stuck after getting the shell, any hint that gives me an idea of what file should i look for? spent hours browsing the whole machine xD

  • Man ROOTED FINALLY !!!!
    s/o to @dhruvarora @razntwn for helping me !

    PM me if you need nudge !

    ka1z3n

  • edited June 2020

    @razntwn said:

    Nice machine straight forward once you get foothold.

    Some hints where I got stuck for hours (#1 & #2):
    1. What everyone's looking for: don't trust what you see ... look behind the curtain or use something else which doesn't need eyes [I probably hit it tens of times but dismissed it ... decided to f**z it and was surprised]
    2. Foothold: Do it old school; like vi is to notepad.
    3. User: ... (straight forward)
    4. Root: ... (straight forward)

    PM if I can help.

    Huge +1!

  • Got root.

    The initial vuln was very CTF-y imo, just because it is so blatant, that being said I do know there are vulnerabilities like that so I dont really have any complaints. The foothold was by far the hardest part. Both user and root were pretty good and straight forward. Respect to @Xiotis for correcting my tunnel vision with user of all things.

    Hints:

    Foothold: For gods sake install the software, or at least look up file paths for the thing you know you want to find. Keep in mind you might have found it but your browser might not be cooperating. If there only was some way to view the source your response

    User: find that interesting file, in a place you know exists. Find out how to open it and then use that info elsewhere

    root: enum + google

    If you need additional help feel free to pm me

  • Got root finally.
    Can't add more than what's already in here without giving spoilers, so feel free to pm me.

  • do not install only the files install the whole system

  • Good machine. If you are stuck with l** not finding the i**** or other strange errors, don't try to run the commands from /tmp/ but from some user folder.

  • Hello everyone, I was able to get t***** shell but I can't find any way to get into a**... can someone give me a nudge?

  • @Ac1d0 said:
    Hello everyone, I was able to get t***** shell but I can't find any way to get into a**... can someone give me a nudge?

    Find files written by the user, for the user?

    limbernie
    Write-ups | Discord - limbernie#0386

  • edited June 2020

    Type your comment> @limbernie said:

    @Ac1d0 said:
    Hello everyone, I was able to get t***** shell but I can't find any way to get into a**... can someone give me a nudge?

    Find files written by the user, for the user?

    I can't seem to find anything... ill keep trying!

    Edit: I've managed to complete the box! Thanks again to @rub1ks and @limbernie for their precious help!

  • Got root. Have to admit, was getting pretty frustrated looking for that file during user phase. Once I found it though it was pretty smooth sailing to root.
    Fun box. I'm probably going to back into it when I get some time and really try to understand everything that was going on.

    Dm for help. I'm more responsive on Discord tho.

    rub1ks
    Find me on Discord: rub1ks #4045

  • edited June 2020

    What the Heck!! I rooted this box twice, but there is no root.txt at all !!

    UPDATE
    Rooted and captured the root flag.

  • edited June 2020

    found it

  • I feel so dumb. I've been giving the system a shake down for user creds and I've had them for 2 days....helps to sleep I guess .

  • Rooted! The first machine I rooted without a single nudge:') Thanks for the awesome box @egre55 , had a ton of fun:D Feel free to DM me if you feel you're stuck

  • Type your comment> @termtype said:

    Type your comment> @7h3B4dg3r said:

    I've been trying for hours to upload a war file with curl, but all I get is a "401 - Unauthorized". Is there another user apart from t****t that i need to find to get there or did I just messed up the commands?

    Probably the syntax of your command, you have the correct user to do the job as it has the manager-script role.

    I got it. I was providing credentials in a wrong way. I captured my curl command with Burp and it was pretty obvious.
    If someone else is having the same problem analyze what your sending.

    Thanks for the nudge.

Sign In to comment.