rooted!!! Thanks a lot to @HomeSen and @waza for the hint.
A good box and not really “easy”.
Initial foothold is the most difficult part. Need a CVE and escalate the CVE into something more dangerous.
user part is tricky. Don’t limit your brain in the foothold.
root part is obvious but needs some background knowledge. I ran into some rabbit holes of my own and made things complex. But still learned some useful tricks, just not applying to this box.
I am having a hard time with this machine, probably I don’t have the right background around it. Even if technically it’s not easy I am lost, I have tried to find some articles that would explain, and I know how the CVE works, but I dunno what to do with it, or probably I am considering a wrong CVE
Hi guys, I was able to get a shell, but I’m completely stuck. I know I’m missing a detail somewhere, but can’t figure out what. If anyone can give me any nudge on that, I’d really appreciate it.
edit: Rooted - Although everything makes sense after you get root, I don’t think this was an easy box, but it was a great machine in terms of the knowledge you get.
Rooted! I only practiced approximately 5 retired machines before I moved on to the active machines, as Laboratory is the first active machine I rooted. I just filtered on easy boxes and found myself connected to it without any expectation of how difficult it could be. The box is very good, as this is how the new boxes should be, but the rating should not be less than medium IMO. Thanks @gr33ng10w & @urtv666 for the nudge.
Finally rooted this box. Thanks @waza and @SpawnZii for the tips. Can’t say I really enjoyed this box…it is definitely no easy box.
Foothold: requires a lot of setup but you can find information on exactly how to do it and run the exploit you need.
User: peas should find instructions to allow you to gain access.
Root: Based on all the other comments, when you find what you are looking for, focus on what it is, rather than what it is doing. I was chasing the wrong thing for a while and making it harder than it needed to be.
After resetting the box, it will take quite some time until all services are up. During that time, make sure no one else initiates a reset (check the shoutbox on the HTB site, and cancel all reset requests for the box).
For those not interested in trying harder than you need to (this is me for this one) you don’t need an elaborate setup to get the exploit for your foothold to work…just find the right CVE and google.
Foothold - exploit chain, can be done with a script if you know what the chain is and how to search it
User - listen to your priv esc tools
Root - typical priv esc research will find this thing, if you can find it, how do you “unpack” it or “peek” into it to figure out what it does???