finally found root.txt. Special thank you to @TazWake!
Spoiler Removed
I have the files from the uncommon location at /.
Can someone give me a hint on how to proceed, I have encrypted as well as clear text passwords? The escape part won’t be a problem since it’s already well documented on the internet.
edit : I got root user , now on to the escape part
Really liked this box!
Foothold part was a bit hard. Had to use different exploits several times and then adjust the script for my python env (protip: adapt exploit to your needs). Priv esc was fun too. It will take some time, but it is rewarding.
Type your comment> @Shad0wQu35t said:
Type your comment> @Raskul82 said:
(Quote)
Passed it as in bro ? Where ur stuck at
No man I completed the box.
Type your comment> @TazWake said:
Struggling on the initial shell which seems odd as I was 99.999% confident I had the right path. I just get stuck on import in progress. I assume this is the “unintended path” which got patched, so back to google…
Do we know if this path has been patched? I am having the same issue and keep getting “Import in progress” forever. Tried it through Burp as well with no luck.
@CrackerMan said:
Type your comment> @TazWake said:
Struggling on the initial shell which seems odd as I was 99.999% confident I had the right path. I just get stuck on import in progress. I assume this is the “unintended path” which got patched, so back to google…
Do we know if this path has been patched? I am having the same issue and keep getting “Import in progress” forever. Tried it through Burp as well with no luck.
I ended up using a python exploit.
Type your comment> @TazWake said:
@CrackerMan said:
Type your comment> @TazWake said:
Struggling on the initial shell which seems odd as I was 99.999% confident I had the right path. I just get stuck on import in progress. I assume this is the “unintended path” which got patched, so back to google…
Do we know if this path has been patched? I am having the same issue and keep getting “Import in progress” forever. Tried it through Burp as well with no luck.
I ended up using a python exploit.
Update, got user working on root. Turns out I need to get my eyes tested!
Type your comment> @CrackerMan said:
Type your comment> @TazWake said:
(Quote)
Update, got user working on root. Turns out I need to get my eyes tested!
Yup man I over look ■■■■ all the time. If you need help hmu
I really need a hint. I got user, but struggling to get root. Pretty sure that it has something to do with dk, but it is not running.
Rooted! This is definitely a funny machine.
User: Just enumeration
Root1: Find it
Root2: Escape
If you need help, you can write me PM for advice.
already rooted this one.
hint for root2 :
you can do it manually and it's a very simple tricks, please don't make it hard!!
i̶v̶e̶ ̶g̶o̶t̶ ̶u̶s̶e̶r̶,̶n̶e̶e̶d̶ ̶h̶e̶l̶p̶ ̶w̶i̶t̶h̶ ̶d̶*̶ ̶u̶s̶e̶r̶.̶ ̶n̶u̶d̶g̶e̶s̶ ̶a̶r̶e̶ ̶a̶p̶p̶r̶e̶c̶i̶a̶t̶e̶d̶.̶
rooted
Made a note of the root password 4 separate times without following up on it facepalm finally got root though.
@Arty0m same… I really need to get into the habit to take proper notes and automate this stuff so I won’t push it back for “later”. Because “later” apparently means a month to me.
Anyhow, I am so glad I didn’t go through the effort to read up on, compile and run l**r****n, wait about an hour and realize it doesn’t work in this env anyway just because it’s like the 2nd google result for ****** privesc
rm -rf /tmp/htb_nomad
Can anyone help out with the py script, The script says runs successfully but I donot get a shell, Can I DM anyone ??
[EDIT]* Got the shell
Rooted
Learned a few things in the way, including how to read tool output
any help with root please?