Official Ready Discussion

finally found root.txt. Special thank you to @TazWake!

Spoiler Removed

Got the root flag! :slight_smile:

Special thanks to @agnorance and @v3ss0n4

I have the files from the uncommon location at /.
Can someone give me a hint on how to proceed, I have encrypted as well as clear text passwords? The escape part won’t be a problem since it’s already well documented on the internet.

edit : I got root user , now on to the escape part

Really liked this box!

Foothold part was a bit hard. Had to use different exploits several times and then adjust the script for my python env (protip: adapt exploit to your needs). Priv esc was fun too. It will take some time, but it is rewarding.

Type your comment> @Shad0wQu35t said:

Type your comment> @Raskul82 said:

(Quote)
Passed it as in bro ? Where ur stuck at

No man I completed the box.

Type your comment> @TazWake said:

Struggling on the initial shell which seems odd as I was 99.999% confident I had the right path. I just get stuck on import in progress. I assume this is the “unintended path” which got patched, so back to google…

Do we know if this path has been patched? I am having the same issue and keep getting “Import in progress” forever. Tried it through Burp as well with no luck.

@CrackerMan said:

Type your comment> @TazWake said:

Struggling on the initial shell which seems odd as I was 99.999% confident I had the right path. I just get stuck on import in progress. I assume this is the “unintended path” which got patched, so back to google…

Do we know if this path has been patched? I am having the same issue and keep getting “Import in progress” forever. Tried it through Burp as well with no luck.

I ended up using a python exploit.

Type your comment> @TazWake said:

@CrackerMan said:

Type your comment> @TazWake said:

Struggling on the initial shell which seems odd as I was 99.999% confident I had the right path. I just get stuck on import in progress. I assume this is the “unintended path” which got patched, so back to google…

Do we know if this path has been patched? I am having the same issue and keep getting “Import in progress” forever. Tried it through Burp as well with no luck.

I ended up using a python exploit.

Update, got user working on root. Turns out I need to get my eyes tested!

Type your comment> @CrackerMan said:

Type your comment> @TazWake said:

(Quote)
Update, got user working on root. Turns out I need to get my eyes tested!

Yup man I over look ■■■■ all the time. If you need help hmu

I really need a hint. I got user, but struggling to get root. Pretty sure that it has something to do with dk, but it is not running.

Rooted! This is definitely a funny machine.
User: Just enumeration
Root1: Find it
Root2: Escape
If you need help, you can write me PM for advice.:smile:

rooted thanks @clure !

already rooted this one.
hint for root2 :

you can do it manually and it's a very simple tricks, please don't make it hard!!

i̶v̶e̶ ̶g̶o̶t̶ ̶u̶s̶e̶r̶,̶n̶e̶e̶d̶ ̶h̶e̶l̶p̶ ̶w̶i̶t̶h̶ ̶d̶*̶ ̶u̶s̶e̶r̶.̶ ̶n̶u̶d̶g̶e̶s̶ ̶a̶r̶e̶ ̶a̶p̶p̶r̶e̶c̶i̶a̶t̶e̶d̶.̶
rooted

Made a note of the root password 4 separate times without following up on it facepalm finally got root though.

@Arty0m same… I really need to get into the habit to take proper notes and automate this stuff so I won’t push it back for “later”. Because “later” apparently means a month to me.

Anyhow, I am so glad I didn’t go through the effort to read up on, compile and run l**r****n, wait about an hour and realize it doesn’t work in this env anyway just because it’s like the 2nd google result for ****** privesc :wink:

rm -rf /tmp/htb_nomad

Can anyone help out with the py script, The script says runs successfully but I donot get a shell, Can I DM anyone ??

[EDIT]* Got the shell :wink:

Rooted :slight_smile:

Learned a few things in the way, including how to read tool output :stuck_out_tongue:

any help with root please?