Valentine

Just rooted. Early in my enumeration I came across what was a very, very quick win for the root (artifact from someone else’s privesc), only for it to not work when I came to use it. I thought it was just a trolling attempt so looked for other ways.

Then when I realised the privesc, it was straightforward enough. Although someone did crash the box as I was navigating to the flag.

Still don’t have any passphrase. I exploit the vulns but nothing in memory, I just see a repeated code and decoder, encoder. Am I going the right way? Please guide me.

Finally owned this box. Took me forever to get user. Turns out there was more exploration required than I had thought. After struggling to get user for like two days I got root in 5 min. So it goes, haha. PM me if u need a nudge.

Finally got root :)

If anyone needs help pm me

I just don’t get it.
I got the RSA key. So far so good. But I can’t figure out where you all found the passphrase. Dirbuster didn’t help me. And analyzing the image didn’t help me either.
And what’s that exploit everyone is talking about?

I would be very happy if someone could give me a hint.

The image gives you a hint about the exploit that you need. Failing that, look for exploits based around the service, or based around the theme of the box name.

@0xchr00t said:
There is a simple and elegant way for priv esc, the dirty way didn’t seem to work for me.
Just look at the programs installed and find ones that are generally not present on HTB boxes.
Also enumerate and find files with weird permissions, and then combine the two.

It clicked once I saw “find ones that are generally not present on HTB boxes”. Thanks!

Got the key and the passphrase, assuming the user name as usual. But it returns type 51.
Am I on the right track?

I still can’t believe I used 2 days to own user and 2 mins to own root…

I need a hint on how I must use the RSA and the passphrase, pls help

Could someone PM a hint for the non-dirty method for Priv Escalation? I have a theory, but wanted to bounce it off someone to see if I am going in the right direction.

@HLOverflowww said:
hahaha. I see. I found the username. sometimes users name their files in a certain way.

This quote is so important.

A hint for priv esc. Think about what is running as root. Anything stand out/seem out of place? Feel free to remove this if it’s a spoiler.

I have the key, and I believe the passphrase…however when I try and use the key I get “Load Key : invalid format”…so not sure what’s going on there. Tried multiple means of obtaining the key just in case something messed up. Anyone else figure out what’s up with the key format?

I keep getting the invalid format error message for the private key. I’ve tried everything I can think of to format it correctly, but nothing seems to work. Any tips or nudges in the right direction would be greatly appreciated.

@Altoid said:
I keep getting the invalid format error message for the private key. I’ve tried everything I can think of to format it correctly, but nothing seems to work. Any tips or nudges in the right direction would be greatly appreciated.

Exploiting the weakness will reveal something interesting. Try going through the different pages and exploit maybe?

@xeexfix059 said:
I have the key, and I believe the passphrase…however when I try and use the key I get “Load Key : invalid format”…so not sure what’s going on there. Tried multiple means of obtaining the key just in case something messed up. Anyone else figure out what’s up with the key format?

A good chance that the passphrase might be wrong. (I may be wrong.) Try verifying. There is a way of confirming that the passphrase is right. Tell me if I am wrong about this.

@Durok said:
I need a hint on how I must use the RSA and the passphrase, pls help

Googling helps!!

So I got root through bovine means, can someone DM me the other method? I want to see if it’s something I should learn.