@f1x1t1x1f said:
Hi. I have a shell to the machine. Can someone give me a nudge for user?
The common privilege escalation scripts should guide you the way to what to investigate next
@HomeSen said:
@f1x1t1x1f said:
Hi. I have a shell to the machine. Can someone give me a nudge for user?
The common privilege escalation scripts should guide you the way to what to investigate next
OK, then I have to look deeper.
Does anyone know, if and when a badge will be released for this machine? I mean, it went live almost 5 months ago
@HomeSen said:
Does anyone know, if and when a badge will be released for this machine? I mean, it went live almost 5 months ago
Fun fact about this box - because it is so hard, we can be 100% certain that no more than 34 people have made it to Omniscient rank on HTB since 27 June 2020.
I really feel that getting to 100% ownership is orders of magnitude harder than it was merely 12 months ago. The knock-on effect is that Guru and Elite Hacker are also a lot harder (because getting to 90% ownership when a box and a challenge change every week is painful).
Hopefully this will be taken on-board by the hiring managers, recruiters etc., who seem to be using HTB ranks as a hiring/promotion rule.
I've probably missed something obvious for the initial foothold. I've spotted the vuln in the repo and know the general direction to exploit it. The only problem is it's a client-side vuln. How exactly am I supposed to obtain an RCE from it?
Check the other port. It will allow you to "deliver" your payload.
@HomeSen said:
Check the other port. It will allow you to "deliver" your payload.
Thanks for the tip.
rooted \o/
If someone with a better knowledge of a linux kernel has time to chat, let me know. Still don't get why some tricks didn't work as they should.
@HomeSen said:
@pinnn said:
Got root! It was my first kernel exploit (I found two ways to exploit it) @R4J thanks!!
P.S. Where is the badge?!
Congrats. Still fighting with it, but I'm sure that I'm on a good path
The badge is expected to appear soon™ (at least, that's what everyone got assured of, as long as the official Discord channel existed)
There should be three badges for this box: foothold, user and root!
I'm kind of stuck again for user. I managed to land an arbitrary write but I can't find a way to leak an address. Any hint would be appreciated.
EDIT: Never mind. Even if I can't "read" an address directly, I can still modify it.
I've rooted it.
Thanks @r4j for an amazing box and @HomeSen and @smrtptr for valuable hints and nudges.
If I could give respect several times, I'd have done it to @HomeSen for hints and to @r4j for the box. I spent several months on it and many times felt how my brain was crashing.
This box will finally retire later today. It will be interesting to see the write ups and they are pretty much the only way I will ever manage to root it!
Well done to everyone who rooted this box.
@TazWake said:
This box will finally retire later today. It will be interesting to see the write ups and they are pretty much the only way I will ever manage to root it!
Well done to everyone who rooted this box.
@HomeSen said:
@TazWake said:
This box will finally retire later today. It will be interesting to see the write ups and they are pretty much the only way I will ever manage to root it!
Well done to everyone who rooted this box.
That's an awesome write up! Amazing work to root the box. I think - even with the write up - I would struggle!
Thank you so much for sharing.
Thanks.
I usually add more details to my write-ups, but I somewhat never managed to prepare the one for RopeTwo. And now I was caught on a pretty short notice on Friday evening that the box will get retired on Saturday
@HomeSen said:
Thanks.
I usually add more details to my write-ups, but I somewhat never managed to prepare the one for RopeTwo. And now I was caught on a pretty short notice on Friday evening that the box will get retired on Saturday
It is still awesome!
Have I gone blind or is there still no Ippsec video or official walkthrough for this?
@TazWake said:
@HomeSen said:
Thanks.
I usually add more details to my write-ups, but I somewhat never managed to prepare the one for RopeTwo. And now I was caught on a pretty short notice on Friday evening that the box will get retired on Saturday
It is still awesome!
Have I gone blind or is there still no Ippsec video or official walkthrough for this?
There is one, here: https://www.youtube.com/watch?v=m6Fpc3zxrJg&feature=youtu.be Maybe it is still pending approval (just like mine, that I submitted to the HTB site).
There is also a great write-up by @0xdf which even explains the unintended root: HTB: RopeTwo | 0xdf hacks stuff
Ah awesome - that might explain why I could only find one on the box page.
2 hours long… I bet he enjoyed creating that.
This was one of the most amazing htb machines ever created