Official OpenKeyS Discussion

Rooted. Quite interesting box. The hardest part of my journey on this box is the OPENingKEYS.

Knock my inbox for hints.

openkeys# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)

Rooted. Feel free to pm for hints.

Rooted!
If anyone need a help, pm :slight_smile:

rooted. The foothold is the hardest part :slight_smile:

rooted!
Cool box!

Just a quick hint for everyone. This box can be done with just one article from google. Both user and root parts. The user part is CTFy a little bit, look at what you have and try to abuse it. There is a huge rabbit hole and I see everybody get in there right away, I did the same and wasted couple hours. PM if you need help.

Google and once you find what you need it should be straightforward.

PM for nudge.

Rooted!

openkeys# whoami && id && hostname
root
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
openkeys.htb

Foothold was tricky. If anyone is not able to get root, you’ll have to try multiple times. I got it on my third try.

Rooted this machine just now. Very easy machine.

Missing an important thing will cost hours of time. Thanks @tomunderhill for reminding me what I missed during the enumeration phase.

My hints:
For user/foothold: How you read ‘strings’ from a bin? (No RE needed) - Google FU - CVE
For system: CVE again

Rooted but unlike @gunroot, I didn’t think it was that easy :smile:

I got caught up in lots of rabbit holes at the start but, with a nudge from @MariaB I got out and, looking back, a lot of the data I gathered flailing around the start, made getting root super easy.

Getting user is one of those things which, once you’ve done it, seems obvious but when you are going the other way, it can seem impossible. All I can say is the hints in the forum help, enumerate services, try to download everything you find, analyse everything you find. From there, practice google-fu and find some public vulnerabilities.

As @VoltK has said, you can get everything you need from one article via Google.

However, you might find it easier to get the repo for privesc as that is genuinely click-root.

Rooted!!!
Good machine to learn from. Took a while to know what to do at first.
:slight_smile:

PM for help

Rooted!

openkeys# id && hostname
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
openkeys.htb

Very Easy :smile::smile: :smile:

Is it need OPENBDS machine for RE ?

@NFire0111111 said:

Is it need OPENBDS machine for RE ?

No.

Didi port 80 died? I am not getting it

kind of cve

Type your comment> @gunroot said:

Rooted this machine just now. Very easy machine.

Missing an important thing will cost hours of time. Thanks @tomunderhill for reminding me what I missed during the enumeration phase.

My hints:
For user/foothold: How you read ‘strings’ from a bin? (No RE needed) - Google FU - CVE
For system: CVE again

agreed very close hints

Finally Rooted!!!