I required some time for that user flag, it’s pretty obvious where to get your head into, but not that easy to actually find what you need, or at least for me it wasn’t.
Once you find the CVE, the getting it to work part is also kinda experimenting. Afterwards, ez.
I definitely learned something cool and useful from this user part.
The privesc was probably the easiest I had so far, lol.
Usually it’s pretty rare to see the root part this easy on HTB.
Ok, After reading all of these posts, I now feel dumb LOL. So I believe I know how to go about root but I have tried the you know what port avenue from both my workstation AND from the remote workstation and I CANNOT FIGURE THIS OUT!!! I dont want a giveaway but I also need more than a cryptic answer.
I know the end state of the process, I just dont understand the process!
I don’t understand how people found the vuln so quickly. To be honnest, I went over it, but i had easily 4 or 5 other things to check, so i dismissed it as soon as it didn’t work and checked the other.
Only when i saw the hints did i think that I needed to recheck every single one of those carefully, but without knowing it it’s a different thing. Once you know the hints it’s indeed easy but without the hint you can easily fall into rabbit holes and mess around with things that are somehow realted to the vulnerability which won’t work.
Root is definitely easy and a “classic” of privesc for those who are learning privesc.
My experience was exactly this. Spent all afternoon knowing the weak point but digging through the many possible CVE’s and dead ends before landing on the one that works. It boggles my mind how quickly people pinned down the right one but I’m sure experience plays a role.
No, experience doesn’t count here, you are given a simple clue as to what to search for and that’s it.
User blood was insanely fast, either he was VEEERY lucky or a big hint was handed out to him, plain and simple.
My friend and I have had issues submitting flags on this box when we owned it. I had to wait nearly 20 minutes and wait for the flag to regenerate before the site would take it last night. Haven’t had the issue on the other ones. Friend had the same issue tonight when he did it. I’m running on a VIP instance and he was on the free server - both had the same issue.
Pretty good box though. Root was pretty trivial but the initial foothold took a little searching for the correct exploit.
My friend and I have had issues submitting flags on this box when we owned it. I had to wait nearly 20 minutes and wait for the flag to regenerate before the site would take it last night. Haven’t had the issue on the other ones. Friend had the same issue tonight when he did it. I’m running on a VIP instance and he was on the free server - both had the same issue.
This should be raised to HTB via a JIRA ticket. They cant fix it if they don’t know it is broken.
Anybody having issues with their root shell not persisting very long? I’ve managed to pop the root shell, but it seems to expire after ~5 seconds.
pm
Can you please pm me the same thing? I just rooted Time also (with a little help from a friend) but we both experienced a very very unstable root shell. It’s enough to get the flag, but it doesn’t feel solid. Any advice to improve is very welcome!