@Overthink said:
Rooted Best box on htb.
Fantastic work.
Definitely the hardest box I’ve ever done, but well worth the effort. Taught me something new at every stage.
Got a shell, go to next user…
Why ssh periodically don’t response? Anybody has something similar?
EDIT: Found problem.
I need help with second user part. Please PM me for discussing.
Type your comment> @pinnn said:
I need help with second user part. Please PM me for discussing.
If you have queries, you can dm me on discord.
Hint for foothold and user:
If you know where things are going, you will find some resources online that are VERY similar to the solutions required to get to user.
@yb4Iym8f88 said:
For those who will need it and do not want to google a lot:
Debug symbols for kernel 5.0.0-38-generic (unsigned) are there https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/ppa/+sourcepub/10775082/+listing-archive-extra
Do not know why they are not indexed by google properly.
Or you can just compile it from sources.
Thanks for sharing. My Google-fu probably failed me on finding those, and I was already about to try debugging without those (which caused quite some headache )
Spoiler Removed
Got root! It was my first kernel exploit (i found two ways to exploit it) @R4J thanks!!
P.S. Where is the badge?!
@pinnn said:
Got root! It was my first kernel exploit (i found two ways to exploit it) @R4J thanks!!
P.S. Where is the badge?!
Congrats. Still fighting with it, but I’m sure that I’m on a good path
The badge is expected to appear soon™ (at least, that’s what everyone got assured of, as long as the official Discord channel existed)
Can anybody give me a nut about how to get the leak (bypass the PIE) on the second part to get user?
I am getting this error everytime: mismatching next->prev_size (unsorted), can someone help me sort it out?
User part is not hard.
Type your comment> @HKHK said:
User part is not hard.
Will try getting root now
I’ve compiled the program and set a breakpoint on the new function.
It hard crashes with
Thread 1 "**" received signal SIGILL, Illegal instruction.
as soon as it is hit, Is this intentional or have I screwed up on the compilation stage
@sebiV said:
I’ve compiled the program and set a breakpoint on the new function.
It hard crashes with
Thread 1 "**" received signal SIGILL, Illegal instruction.
as soon as it is hit, Is this intentional or have I screwed up on the compilation stage
Can you please be more specific? What program did you compile?
Hi. I have a shell to the machine. can someone five me a nudge for user?
Type your comment> @HomeSen said:
@sebiV said:
(Quote)
Can you please be more specific? What program did you compile?
I’ve private messaged for fear of writing of spoilers
@f1x1t1x1f said:
Hi. I have a shell to the machine. can someone five me a nudge for user?
The common privilege escalation scripts should guide you the way to what to investigate next