Root was surprisingly easier than I though, literally a one liner. People aren’t joking or exaggerating. Googled 2 things in sequence, and got the answer.
User was extremely easy, enumeration like everyone has been saying.
Initial Foothold is a bit confusing as to what you should do. But you have to go back to your caveman mentality and just force the door you might find.
Got both flags but when i submit them i get the error “incorrect hash for blunder” . I tried to reset the machine but the limit is reached for today. Is my first box… Am i doing something wrong?
Got both flags but when i submit them i get the error “incorrect hash for blunder” . I tried to reset the machine but the limit is reached for today. Is my first box… Am i doing something wrong?
If you read through a few of the threads here you will see that this is an occasional problem.
HTB uses dynamic hashes which means they change every time the box reboots or is on a different VPN.
However, it also means that sometimes the hashes don’t load properly and it creates issues.
The main suggestions seem to be:
reboot, repeat the pwnage, get the new flags, try them
report it to HTB via a JIRA ticket and see if they can fix the issue
Dire need of help on root. I thought the user was pretty easy…everybody saying root is the easy part but I can’t for the life of me find it. I’ve got a shell with f***** user. Linpeas doesn’t finish the scan, so looking through what it gives me, I don’t see anything in particular. I’ve found a couple of CVEs but there are people saying you should only have to type two commands and if you’re uploading stuff, you’re on the wrong track.
[+] Searching specific hashes inside files - less false positives (limit 70)
That’s as far as Linpeas gets me. I’m probably missing something above that, but I’m definitely not able to get anything past that. Please help, point me to the correct John Hammond Video, or any kind of nudge would be greatly helpful.
ps - I’m also on the EU vpn. I worked on it all last weekend using the US vpn but was disconnected nearly every three minutes. Thanks to anybody that will help.
user: all the tips have already been prescribed here, but I can remember again, enumeration, enumeration and enumeration, pay close attention to all the details of the initial page, the rest is a consequence.
root: I certainly improved the enumeration that is key to solve this box. root is super easy.
Dire need of help on root. I thought the user was pretty easy…everybody saying root is the easy part but I can’t for the life of me find it. I’ve got a shell with f***** user. Linpeas doesn’t finish the scan,
This is a box where enumeration tools will actively undermine your ability to progress.
Manual checking is significantly more effective.
When you do this, you can find something which was a publicly disclosed issue/exploit towards the end of last year.
Stuck on root
When i run commands like s*** -l with h*** user to check the prives,
I get “s***: no tty present and no askpass program specified” message
Am I in wrong direction about struggling with that?
Because I found several vulnerabilities for s*** version but can’t run the command because of above message !
Stuck on root
When i run commands like s*** -l with h*** user to check the prives,
I get “s***: no tty present and no askpass program specified” message
Am I in wrong direction about struggling with that?
Because I found several vulnerabilities for s*** version but can’t run the command because of above message !
Stuck on root
When i run commands like s*** -l with h*** user to check the prives,
I get “s***: no tty present and no askpass program specified” message
Am I in wrong direction about struggling with that?
Because I found several vulnerabilities for s*** version but can’t run the command because of above message !
You need to “upgrade your shell.”
Thank you very much, it was really annoying issue (p****n reverse shell is really better)
Finally got root, It took less than a minute
My current issue is that I get this message in msf and it doesn’t create a session suggesfully.
Started reverse TCP handler on CENSORED
[+] Logged in as: f***** (I censored this as well)
Retrieving UUID…
Uploading UQygUigAYU.png…
Uploading .htaccess…
Executing UQygUigAYU.png…
[!] This exploit may require manual cleanup of ‘.htaccess’ on the target
Exploit completed, but no session was created.
What are the recommendations for facing this situations and figuring out which part of the msfconsole is wrong? Thx a lot