Official Ready Discussion

Type your comment> @Raskul82 said:

Type your comment> @aksika said:

Done, I learnt a lot / Thank you

User: Google is your friend and remember older snakes are more easygoing than younger… getting the flag is easy job then

Root: use what you can find in the configs wherever you can
Sometimes the jail looks scary but you can realize that the door is not locked, don’t overcomplicate it just walk out

Bro now your making me wonder how you passed it.

Passed it as in bro ? Where ur stuck at

finally found root.txt. Special thank you to @TazWake!

Spoiler Removed

Got the root flag! :slight_smile:

Special thanks to @agnorance and @v3ss0n4

I have the files from the uncommon location at /.
Can someone give me a hint on how to proceed, I have encrypted as well as clear text passwords? The escape part won’t be a problem since it’s already well documented on the internet.

edit : I got root user , now on to the escape part

Really liked this box!

Foothold part was a bit hard. Had to use different exploits several times and then adjust the script for my python env (protip: adapt exploit to your needs). Priv esc was fun too. It will take some time, but it is rewarding.

Type your comment> @Shad0wQu35t said:

Type your comment> @Raskul82 said:

(Quote)
Passed it as in bro ? Where ur stuck at

No man I completed the box.

Type your comment> @TazWake said:

Struggling on the initial shell which seems odd as I was 99.999% confident I had the right path. I just get stuck on import in progress. I assume this is the “unintended path” which got patched, so back to google…

Do we know if this path has been patched? I am having the same issue and keep getting “Import in progress” forever. Tried it through Burp as well with no luck.

@CrackerMan said:

Type your comment> @TazWake said:

Struggling on the initial shell which seems odd as I was 99.999% confident I had the right path. I just get stuck on import in progress. I assume this is the “unintended path” which got patched, so back to google…

Do we know if this path has been patched? I am having the same issue and keep getting “Import in progress” forever. Tried it through Burp as well with no luck.

I ended up using a python exploit.

Type your comment> @TazWake said:

@CrackerMan said:

Type your comment> @TazWake said:

Struggling on the initial shell which seems odd as I was 99.999% confident I had the right path. I just get stuck on import in progress. I assume this is the “unintended path” which got patched, so back to google…

Do we know if this path has been patched? I am having the same issue and keep getting “Import in progress” forever. Tried it through Burp as well with no luck.

I ended up using a python exploit.

Update, got user working on root. Turns out I need to get my eyes tested!

Type your comment> @CrackerMan said:

Type your comment> @TazWake said:

(Quote)
Update, got user working on root. Turns out I need to get my eyes tested!

Yup man I over look ■■■■ all the time. If you need help hmu

I really need a hint. I got user, but struggling to get root. Pretty sure that it has something to do with dk, but it is not running.

Rooted! This is definitely a funny machine.
User: Just enumeration
Root1: Find it
Root2: Escape
If you need help, you can write me PM for advice.:smile:

rooted thanks @clure !

already rooted this one.
hint for root2 :

you can do it manually and it's a very simple tricks, please don't make it hard!!

i̶v̶e̶ ̶g̶o̶t̶ ̶u̶s̶e̶r̶,̶n̶e̶e̶d̶ ̶h̶e̶l̶p̶ ̶w̶i̶t̶h̶ ̶d̶*̶ ̶u̶s̶e̶r̶.̶ ̶n̶u̶d̶g̶e̶s̶ ̶a̶r̶e̶ ̶a̶p̶p̶r̶e̶c̶i̶a̶t̶e̶d̶.̶
rooted

Made a note of the root password 4 separate times without following up on it facepalm finally got root though.

@Arty0m same… I really need to get into the habit to take proper notes and automate this stuff so I won’t push it back for “later”. Because “later” apparently means a month to me.

Anyhow, I am so glad I didn’t go through the effort to read up on, compile and run l**r****n, wait about an hour and realize it doesn’t work in this env anyway just because it’s like the 2nd google result for ****** privesc :wink:

rm -rf /tmp/htb_nomad

Can anyone help out with the py script, The script says runs successfully but I donot get a shell, Can I DM anyone ??

[EDIT]* Got the shell :wink:

Rooted :slight_smile:

Learned a few things in the way, including how to read tool output :stuck_out_tongue: