Hint for TartarSauce!

Comments

  • Very nice box, was a good time. Thanks to the guy who validated my theory of priv esc. Stumbled on root but took today to understand it and write two scripts to simplify it.

  • @jameel said:
    Rooted the box. I recommend everyone not to use Dirbuster. Usually this kind of machine takes me around 30 minutes to root, however it took me more than 2 days along with asking others. I even wrote a zero day exploit and published it yesterday for the rabbit hole. I'm really serious, I wrote a zero day and tested it locally and it worked, but it did not work on the machine. Then I realized I should never ever use Dirbuster anymore.

    Here's my zero day exploit, but it won't work on the machine:
    https://www.exploit-db.com/exploits/44621/

    The best hint I could give for those still stuck on this machine is keep it simple and never use Dirbuster.

    Regards

    I love you! :relaxed:

  • The best hint is: if the key fits but does not open the lock, then it is the wrong key. Move along, nothing to see here. And in the famous words of OSCP: try harder and enumerate harder.

  • Finally got user

  • edited May 2018
    It's most amusing when they are giving each other 'retartar' advice...

    But in all seriousness. I've been surprised by the amount of salt thrown at @ihack4falafel and myself.

    The box is intended to be a TryHarder style lesson in the following...
    1. Do full enum process of everything first.
    2. Don't dive right into the first thing you see.
    3. Check for false positives and false negatives.
    4. In real-world pentesting (the whole point of practicing in htb?) not everything is useful.
    5. Don't be a 'retartar'.... :astonished:
  • edited May 2018

    Double Post


  • @3mrgnc3 said:
    It's most amusing when they are giving each other 'retartar' advice...

    But in all seriousness. I've been surprised by the amount of salt thrown at @ihack4falafel and myself.

    The box is intended to be a TryHarder style lesson in the following...
    1. Do full enum process of everything first.
    2. Don't dive right into the first thing you see.
    3. Check for false positives and false negatives.
    4. In real-world pentesting (the whole point of practicing in htb?) not everything is useful.
    5. Don't be a 'retartar'.... :astonished:

    Thumbs up !!!

  • edited May 2018

    Is the hash crackable, or is it a rabbit hole? My slow computer can't run hashcat :-1: Running another program with a basic wordlist, still no result yet. :(

    kluo

  • This box was saucey! Root was the hardest flag in the labs yet for me, good job creators!

    lowpriv

  • @3mrgnc3 said:
    It's most amusing when they are giving each other 'retartar' advice...

    But in all seriousness. I've been surprised by the amount of salt thrown at @ihack4falafel and myself.

    The box is intended to be a TryHarder style lesson in the following...
    1. Do full enum process of everything first.
    2. Don't dive right into the first thing you see.
    3. Check for false positives and false negatives.
    4. In real-world pentesting (the whole point of practicing in htb?) not everything is useful.
    5. Don't be a 'retartar'.... :astonished:

    Why don't u try to be less insulting you 'retartar'? If u get bad feedback about the box, it is probably because it sucks. I like it though.

  • edited May 2018

    @Sakk said:

    @3mrgnc3 said:
    It's most amusing when they are giving each other 'retartar' advice...

    But in all seriousness. I've been surprised by the amount of salt thrown at @ihack4falafel and myself.

    The box is intended to be a TryHarder style lesson in the following...
    1. Do full enum process of everything first.
    2. Don't dive right into the first thing you see.
    3. Check for false positives and false negatives.
    4. In real-world pentesting (the whole point of practicing in htb?) not everything is useful.
    5. Don't be a 'retartar'.... :astonished:

    Why don't u try to be less insulting you 'retartar'? If u get bad feedback about the box, it is probably because it sucks. I like it though.

    I'm not aiming to insult anyone in particular.
    And, if you feel insulted it may be because the challenge we created made you feel like a 'retartar' (idk :kiss:)...
    If so, be humble.
    None of us are so 1337 we never feel like that.
    Maybe that's one of the things that is important to learn about being a good hacker.
    Not just popping 5h377z all the time.

    I hope in the end people enjoy it though.

    I love you all.
    ;)

  • FYI... Falafel privesc is killin me atm for some reason... ;)

  • @3mrgnc3 said:

    @Sakk said:

    @3mrgnc3 said:
    It's most amusing when they are giving each other 'retartar' advice...

    But in all seriousness. I've been surprised by the amount of salt thrown at @ihack4falafel and myself.

    The box is intended to be a TryHarder style lesson in the following...
    1. Do full enum process of everything first.
    2. Don't dive right into the first thing you see.
    3. Check for false positives and false negatives.
    4. In real-world pentesting (the whole point of practicing in htb?) not everything is useful.
    5. Don't be a 'retartar'.... :astonished:

    Why don't u try to be less insulting you 'retartar'? If u get bad feedback about the box, it is probably because it sucks. I like it though.

    I'm not aiming to insult anyone in particular.
    And, if you feel insulted it may be because the challenge we created made you feel like a 'retartar' (idk :kiss:)...
    If so, be humble.
    None of us are so 1337 we never feel like that.
    Maybe that's one of the things that is important to learn about being a good hacker.
    Not just popping 5h377z all the time.

    I hope in the end people enjoy it though.

    I love you all.
    ;)

    I surely am humble. The question is: are you? Judging from your previous comments ("It's most amusing when they are giving each other 'retartar' advice..." + "5. Don't be a 'retartar'.... :astonished:"), I don't think you are.
    We love you too, peace

  • edited May 2018

    @Sakk said:

    @3mrgnc3 said:

    @Sakk said:

    @3mrgnc3 said:
    It's most amusing when they are giving each other 'retartar' advice...

    But in all seriousness. I've been surprised by the amount of salt thrown at @ihack4falafel and myself.

    The box is intended to be a TryHarder style lesson in the following...
    1. Do full enum process of everything first.
    2. Don't dive right into the first thing you see.
    3. Check for false positives and false negatives.
    4. In real-world pentesting (the whole point of practicing in htb?) not everything is useful.
    5. Don't be a 'retartar'.... :astonished:

    Why don't u try to be less insulting you 'retartar'? If u get bad feedback about the box, it is probably because it sucks. I like it though.

    I'm not aiming to insult anyone in particular.
    And, if you feel insulted it may be because the challenge we created made you feel like a 'retartar' (idk :kiss:)...
    If so, be humble.
    None of us are so 1337 we never feel like that.
    Maybe that's one of the things that is important to learn about being a good hacker.
    Not just popping 5h377z all the time.

    I hope in the end people enjoy it though.

    I love you all.
    ;)

    I surely am humble. The question is: are you? Judging from your previous comments ("It's most amusing when they are giving each other 'retartar' advice..." + "5. Don't be a 'retartar'.... :astonished:"), I don't think you are.
    We love you too, peace

    BUDYYY!...
    come on... that's just in good spirits...
    don't be such a snowflake :lol:

  • @3mrgnc3 said:

    @Sakk said:

    @3mrgnc3 said:

    @Sakk said:

    @3mrgnc3 said:
    It's most amusing when they are giving each other 'retartar' advice...

    But in all seriousness. I've been surprised by the amount of salt thrown at @ihack4falafel and myself.

    The box is intended to be a TryHarder style lesson in the following...
    1. Do full enum process of everything first.
    2. Don't dive right into the first thing you see.
    3. Check for false positives and false negatives.
    4. In real-world pentesting (the whole point of practicing in htb?) not everything is useful.
    5. Don't be a 'retartar'.... :astonished:

    Why don't u try to be less insulting you 'retartar'? If u get bad feedback about the box, it is probably because it sucks. I like it though.

    I'm not aiming to insult anyone in particular.
    And, if you feel insulted it may be because the challenge we created made you feel like a 'retartar' (idk :kiss:)...
    If so, be humble.
    None of us are so 1337 we never feel like that.
    Maybe that's one of the things that is important to learn about being a good hacker.
    Not just popping 5h377z all the time.

    I hope in the end people enjoy it though.

    I love you all.
    ;)

    I surely am humble. The question is: are you? Judging from your previous comments ("It's most amusing when they are giving each other 'retartar' advice..." + "5. Don't be a 'retartar'.... :astonished:"), I don't think you are.
    We love you too, peace

    BUDYYY!...
    come on... that's just in good spirits...
    don't be such a snowflake :lol:

    It's all good. TartarSauce privesc is killing me atm anyway ;)

  • @Sakk said:

    @3mrgnc3 said:

    @Sakk said:

    @3mrgnc3 said:

    @Sakk said:

    @3mrgnc3 said:
    It's most amusing when they are giving each other 'retartar' advice...

    But in all seriousness. I've been surprised by the amount of salt thrown at @ihack4falafel and myself.

    The box is intended to be a TryHarder style lesson in the following...
    1. Do full enum process of everything first.
    2. Don't dive right into the first thing you see.
    3. Check for false positives and false negatives.
    4. In real-world pentesting (the whole point of practicing in htb?) not everything is useful.
    5. Don't be a 'retartar'.... :astonished:

    Why don't u try to be less insulting you 'retartar'? If u get bad feedback about the box, it is probably because it sucks. I like it though.

    I'm not aiming to insult anyone in particular.
    And, if you feel insulted it may be because the challenge we created made you feel like a 'retartar' (idk :kiss:)...
    If so, be humble.
    None of us are so 1337 we never feel like that.
    Maybe that's one of the things that is important to learn about being a good hacker.
    Not just popping 5h377z all the time.

    I hope in the end people enjoy it though.

    I love you all.
    ;)

    I surely am humble. The question is: are you? Judging from your previous comments ("It's most amusing when they are giving each other 'retartar' advice..." + "5. Don't be a 'retartar'.... :astonished:"), I don't think you are.
    We love you too, peace

    BUDYYY!...
    come on... that's just in good spirits...
    don't be such a snowflake :lol:

    It's all good. TartarSauce privesc is killing me atm anyway ;)

    I see....
    lol
    that makes sense now.
    :lol:

  • @lowpriv said:
    This box was saucey! Root was the hardest flag in the labs yet for me, good job creators!

    Nice Job!

    Glad to please. Well done on getting root. Did you get a shell btw? because that is the intended way.

  • any hint on priv esc? thanks

    kluo

  • @kluo said:
    any hint on priv esc? thanks

    pay attention to the 'differences'

  • @Sakk said:

    @kluo said:
    any hint on priv esc? thanks

    pay attention to the 'differences'

    This ;)

  • Got me on priv esc too. Going to have another crack later. Box is underrated on its difficulty. It's taught me to be much more thorough in my enum. Good box so far :)
  • @kluo said:
    any hint on priv esc? thanks

    +1 :)

    Hack The Box

  • rabbit hole after rabbit hole so far, dis gonna be fun

    fhlipZero

  • I think it's a useful exploit but still a bit confusing :astonished: https://www.exploit-db.com/exploits/44502/ May I have a little bit of a nudge for getting shell?

  • I read a little bit. The box is not bad and I have spent some time working on it, a week to be exact. I like the box because it is realistic.

    Now the escalation of privileges is killing me. I want to get root.

    any suggestion is welcome

  • @st4rry said:
    I think it's a useful exploit but still a bit confusing :astonished: https://www.exploit-db.com/exploits/44502/ May I have a little bit of a nudge for getting shell?

    This is not a spoiler!

  • @Vburgos said:
    I read a little bit. The box is not bad and I have spent some time working on it, a week to be exact. I like the box because it is realistic.

    Now the escalation of privileges is killing me. I want to get root.

    any suggestion is welcome

    enumerate enumerate enumerate

  • Anyone I can PM about this box? I'm having some issues finding a way to get shell.... Login wasn't too bad, but getting a shell is killing me.

  • edited May 2018

    Someone please PM me, I have found login and have tried all possible functions to change any content/uploads to start a shell but I'm duckin going round in circles...

  • @Sakk said:

    @kluo said:
    any hint on priv esc? thanks

    pay attention to the 'differences'

    @3mrgnc3 isn't this a spoiler?? :p
