Official Ready Discussion

i̶v̶e̶ ̶g̶o̶t̶ ̶u̶s̶e̶r̶,̶n̶e̶e̶d̶ ̶h̶e̶l̶p̶ ̶w̶i̶t̶h̶ ̶d̶*̶ ̶u̶s̶e̶r̶.̶ ̶n̶u̶d̶g̶e̶s̶ ̶a̶r̶e̶ ̶a̶p̶p̶r̶e̶c̶i̶a̶t̶e̶d̶.̶
rooted

Made a note of the root password 4 separate times without following up on it facepalm finally got root though.

@Arty0m same… I really need to get into the habit to take proper notes and automate this stuff so I won’t push it back for “later”. Because “later” apparently means a month to me.

Anyhow, I am so glad I didn’t go through the effort to read up on, compile and run l**r****n, wait about an hour and realize it doesn’t work in this env anyway just because it’s like the 2nd google result for ****** privesc :wink:

rm -rf /tmp/htb_nomad

Can anyone help out with the py script, The script says runs successfully but I donot get a shell, Can I DM anyone ??

[EDIT]* Got the shell :wink:

Rooted :slight_smile:

Learned a few things in the way, including how to read tool output :stuck_out_tongue:

any help with root please?

@k01n said:

any help with root please?

Enumerate, find loot, privesc, escape, get root on box.

Type your comment> @TazWake said:

@k01n said:

any help with root please?

Enumerate, find loot, privesc, escape, get root on box.

Rooted! :slight_smile:

Is something going on with this box? I’m getting a HTTP 502 error where, login was loading fine earlier. Back up.

anyone can PM me i cann’t get the reverse shell.

Easy and fun box, here are my hints

Foothold

Versions are important, you should do nothing more than run a cmd to get the initial shell

Co******r Root

There is a fantastic hint that I should have listen before spending a lot of time in enumeration… page5, @blacViking (thanks man !)

Actual Root

What can you do and what is your goal ? Google it and you’ll be free.

If you need help, feel free to PM

Rooted, thanks to @Shubhamz007 and @DarkRider88

Rooted. Fun box.

Rooted, pretty fun and easy box.

PM me if needed :slight_smile:

I keep getting a connection to my nc listener, but I can’t run anything after the initial connection. anyone have advice/solution?

I’m don’t receiving connections on my nc listener. I’m normal exploit from edb, any suggestions? I’ve read that i need to do some tunning but i don’t know where (i’ve tried using another reverse shell). Any minimum help would be appreciated

I’m don’t receiving connections on my nc listener. I’m normal exploit from edb, any suggestions?> @BoWyatt said:

I’m don’t receiving connections on my nc listener. I’m normal exploit from edb, any suggestions? I’ve read that i need to do some tunning but i don’t know where (i’ve tried using another reverse shell). Any minimum help would be appreciated

I got a shell with another script but i want to understand the most popular ones. Still figuring out why im not receiving with the other script.

I’m stuck on how to get du** user. Enumeration and linpeas did’nt get me useful things, any hint ?

@UVision said:

I’m stuck on how to get du** user.

Double check you need to get this user account.

Enumeration and linpeas did’nt get me useful things, any hint ?

Yes, enumerate more. To steal a phrase from PWK/OSCP, it really is a “try harder” here.

Your enumeration needs to look at an unusual folder which might hold things people use to store stuff.

@TazWake I have for now listed the directories accessible for writing without having seen an interesting info, I guess I must have missed it.