Magic

Finally rooted!!,
Thanks to @TazWake and @UGlz for their help.
“The devil is in the details”

i have both flags for this box, but neither of them are being accepted – is something up?

Type your comment> @hazel said:

i have both flags for this box, but neither of them are being accepted – is something up?

try to reset the machine… it happens to me before…

I have a shell for www-data and found creds for a db user, but i cannot for the life of me figure out how to use them :confused: any help here?

Rooted the Machine.
It is a pretty straight forward machine but somethings are misleading. Be sure to look carefully inside the details.

Initial Foothold: You can get past the gate without a key. Images can store other things too
User:enum and what you find will lead to what you need
Root:Make sure it uses something that you created

PM if you need help

Rooted.

A simple, enjoyable box. Definitely overthought the escalation to root, it’s much simpler than originally thought.

Happy to help if anyone is stuck.

Pretty cool box… Rooted successfully…
Can knock my inbox for nudges!

Rooted, fun box
Feel free to PM if stuck

Rooted !! NEED HELP ? Msg me

Hi All
Fun Box
but spent some time for the Root access -_-

I found the process (the way to be root) but it doesn’t work
is it cause of the docker process ? I retry and retry… that never work

Help please :wink:

@D4rm1 said:

Hi All
Fun Box
but spent some time for the Root access -_-

I found the process (the way to be root) but it doesn’t work
is it cause of the docker process ? I retry and retry… that never work

Help please :wink:

The way to root the box should work, I dont think it would be affected by anything else.

Have a look at what calls what, add something of your own and give it a new road to use.

Type your comment> @TazWake said:

@D4rm1 said:

Hi All
Fun Box
but spent some time for the Root access -_-

I found the process (the way to be root) but it doesn’t work
is it cause of the docker process ? I retry and retry… that never work

Help please :wink:

The way to root the box should work, I dont think it would be affected by anything else.

Have a look at what calls what, add something of your own and give it a new road to use.

Thanks
But that’s what i did. I search from Google to do it correctly.
I run the binary file…
no it has no effect

@D4rm1 said:

Thanks
But that’s what i did. I search from Google to do it correctly.
I run the binary file…
no it has no effect

Without wishing to sound rude, but if it has no effect, you didn’t do it correctly.

If you did it correctly either it breaks something or your exploit works.

is there a way to make an ssh? it always keeps telling me permission denied (publickey)

i allready put pub key in .ssh… and still nothing.

@protei300 said:

is there a way to make an ssh? it always keeps telling me permission denied (publickey)

i allready put pub key in .ssh… and still nothing.

Depending how specific the syntax is, you might want to double-check how key-based authentication in SSH works.

Finally rooted… With ssh was my stupid, forgot to add to authorized_keys…

Root was very interesting… seems i found it by luck… or nearly by luck

I have the flags but both are not working for some reason? I am entering the hash with no HTB{} format just raw hash

Wow, I’m really struggling on this one. There doesn’t seem to be anything to grasp on, the normal injections don’t work on the login page and gobuster gives me nothing. Any nudges?

Type your comment> @purplenavi said:

Wow, I’m really struggling on this one. There doesn’t seem to be anything to grasp on, the normal injections don’t work on the login page and gobuster gives me nothing. Any nudges?

Hey. If you’re talking about initial login page, then I’m sure that common payload will let you in.

@silverfox983 said:

I have the flags but both are not working for some reason? I am entering the hash with no HTB{} format just raw hash

If you read through a few of the threads here you will see that this is an occasional problem.

HTB uses dynamic hashes which means they change every time the box reboots or is on a different VPN.

However it also means that sometimes the hashes don’t load properly and it creates issues.

The main suggestions seem to be:

  1. reboot, repeat the pwnage, get the new flags, try them
  2. report it to HTB via a JIRA ticket and see if they can fix the issue