Official ScriptKiddie Discussion

A pretty easy box, but cool

For those who got issues with the different flags, did you spawn the machine on the new GUI? Because the new GUI keeps spawning the release arena version of this box, so the flags are the first ones generated and are not valid. Spawn the box using the former GUI instead.

New GUI IP of the box: 10.129.X.X (Release Arena Version)
Former GUI : 10.10.10.226

Rooted!

Was a nice machine! Thank you. Here are my hints:

Foothold: don’t overthink it much. Check on the functionalities offered as there is not too much more.
Root: check how the application works and see if there is something in common between the users you can use to escalate privileges.

@Kailez said:

tips for privesc?

(I hope this is not a spoiler)
Look around the box. Look for things that you can use for privesc. You don’t need to use linpeas or other enum scripts for this one. The whole theme to this box is using the scriptkiddie’s tools against him.

Got stuck on foothold for longer than I’d care to admit. Once I got a shell I’d pivoted and escalated to root in less than 15 minutes.

This box taught me to stop overthinking things, thanks @0xdf

I’ve rooted it but I don’t really get why the lateral move part gets triggered. If you know could you please pm me

Rooted. Nice box; easy but not that easy. I think there is a problem with classification with HTB :wink: At first easy boxes meant launching msfconsole against eternal blue :slight_smile: :slight_smile: It’s not the case any more for easy boxes

Nice box anyway, pm if needed

Can someone give a hint to privesc please?
I think I found the way to do it but I’m not sure and just stuck

EDIT: did it ) Thanks @jamesa for hint

@Healops said:

Can someone give a hint to privesc please?
I think I found the way to do it but I’m not sure and just stuck

PM me and let me know where you’re stuck

This is a fun box. I did figure out root and learned a lot about m******n. If you’re looking for a hint, do not overthink the steps. Look at what your user has access to. Consider looking closely at how the web app works. Once you discover how to exploit what is here, it is a straight shot to root.

Is anyone else getting some errors with this box? I am almost certain I am trying the right thing for the foothold, but constantly getting errors

EDIT: I figured out my issue, but I’d love to see if someone could help me understand why it was an issue in the first place. Please DM if you don’t mind troubleshooting something with me!

@Rugfondler said:

Is anyone else getting some errors with this box? I am almost certain I am trying the right thing for the foothold, but constantly getting errors

EDIT: I figured out my issue, but I’d love to see if someone could help me understand why it was an issue in the first place. Please DM if you don’t mind troubleshooting something with me!

Issue on getting the foothold?

For some reason I am unable to log in using id_rsa for a more stable terminal… anyone else had this issue?

Update: I couldn’t get it to log in using id_rsa, it asks for a password for some reason… so I ended up just using pty.spawn and upgrading the shell that way… hope this helps.

@AnonHack3r said:

For some reason I am unable to log in using id_rsa for a more stable terminal… anyone else had this issue?

Update: I couldn’t get it to log in using id_rsa, it asks for a password for some reason… so I ended up just using pty.spawn and upgrading the shell that way… hope this helps.

I was able to get that to work. Just in reverse :slight_smile:

@AnonHack3r said:

For some reason I am unable to log in using id_rsa for a more stable terminal… anyone else had this issue?

Update: I couldn’t get it to log in using id_rsa, it asks for a password for some reason… so I ended up just using pty.spawn and upgrading the shell that way… hope this helps.

Worked for me when I did it. Didn’t work for another person I talked to until he reset the box.

@HcKy said:

@AnonHack3r said:

For some reason I am unable to log in using id_rsa for a more stable terminal… anyone else had this issue?

Update: I couldn’t get it to log in using id_rsa, it asks for a password for some reason… so I ended up just using pty.spawn and upgrading the shell that way… hope this helps.

Worked for me when I did it. Didn’t work for another person I talked to until he reset the box.

Yes, this worked for me yesterday. Today my goal was to get root and another user, but when I tried to log in with ssh it prompted me for a password… so I removed the local host and ran the exploit, got a nc, then got the id_rsa again and still the same problem… I’m guessing the best option would be to reset the box???

@AnonHack3r said:

@HcKy said:

@AnonHack3r said:

For some reason I am unable to log in using id_rsa for a more stable terminal… anyone else had this issue?

Update: I couldn’t get it to log in using id_rsa, it asks for a password for some reason… so I ended up just using pty.spawn and upgrading the shell that way… hope this helps.

Worked for me when I did it. Didn’t work for another person I talked to until he reset the box.

Yes, this worked for me yesterday. Today my goal was to get root and another user, but when I tried to log in with ssh it prompted me for a password… so I removed the local host and ran the exploit, got a nc, then got the id_rsa again and still the same problem… I’m guessing the best option would be to reset the box???

If something isn’t working the way it’s supposed to and you feel you did everything right, that’s the only next step really.

But you should be able to log in with their keys, or your key if you just put it in their authorized_keys folder.

Anyone willing to give me a hint for root? Feel like I’ve found the right thing but it isn’t working as expected. If so PM me please

Finally rooted !!! Fun box … Thanks @0xdf

Thanks @jamesa for getting me off the pit and pointing to the right direction and thanks @Rugfondler for the brainstorms … we had all the pieces of the puzzles and just had to put our brains together … surely 2 heads are better than one :smiley:

@HcKy said:

Yea. I’ve told the people I’ve talked to to submit them, but who knows if they are.

Finally had a bit of time so I thought I’d look at this box today. It seems pretty unresponsive to anything (nmap, traceroute, ping etc).

Looking at the number of people who have rooted it, I assume this is just a temporary problem but it does hint it is a bit unstable :smile:

I think I will leave it for a bit longer.