Hint for Sunday

If you’re struggling going from user to root, you may want to start over with your enumeration. It’s aggressively simple. I know that sucks to hear if you’re struggling, but once you see it, you’ll have root in less than a minute. My hint is to ask “what can this user do”? Also, when you do see it, you do not need to mess things up to get the flag, so be considerate as, according to this forum, many people are trying to modify sensitive files when it’s not necessary.

Rooted. There’s A LOT of options once you get the main “user” account. If you mess with any key system files, please reset the box when you’re done …

@3lpsy said:
If you’re struggling going from user to root, you may want to start over with your enumeration. It’s aggressively simple. I know that sucks to hear if you’re struggling, but once you see it, you’ll have root in less than a minute. My hint is to ask “what can this user do”? Also, when you do see it, you do not need to mess things up to get the flag, so be considerate as, according to this forum, many people are trying to modify sensitive files when it’s not necessary.

This. Just got root without modifying or exploiting anything.

Any help with the initial foothold?

I have:

  • Found all open ports/services running
  • Enumerated users via the lowest port service
  • Tried running every default password (in Hydra) I can think of against all found users on the service whose port has been changed for security.

No dice. Am I overlooking a common password? Would greatly appreciate a PM if anyone can point me in the right direction.

ROOTED! Hahaha, laughed my ■■■ off when I found out how to “priv esc”. No exploit, no cracking, nothing needed. Just basic Linux commands and Wireshark…

@xnumber7 said:
Any help with the initial foothold?

I have:

  • Found all open ports/services running
  • Enumerated users via the lowest port service
  • Tried running every default password (in Hydra) I can think of against all found users on the service whose port has been changed for security.

No dice. Am I overlooking a common password? Would greatly appreciate a PM if anyone can point me in the right direction.

Yes, the password is stupidly easy. Like, it’s right-in-your-face easy. This is for the first user, which you will then use to find a way to get access to the second user. The method for the second user is much less in your face.

Just rooted this. Feel free to PM me if you need a nudge. :)

I managed to get the root flag, but I don’t know how to get a root shell, which makes me think that maybe I didn’t get it the right way. Can someone PM me to see if I got it the right way?

Finally got the root flag, will have to thank @macw141 and @UN1X00. Sorry for irritating you guys, but hints got me through.

Got root, lovely little box.

Any hint? I log into the machine but can read user.txt …

Hey guyzz, need a pointer.
Got in,
found a troll… it’s trolling me,
any hint how I can troll the troll??? Hahaha

I’m also stuck on the priv esc from the first user. If someone can PM me with some hints, it would be greatly appreciated.

Wow, enumeration really is your bread and butter. I’m kicking myself for not checking (spoiler) location first; I was able to get the second user within five minutes after looking there.

Everyone seems to have guessed the initial password easily. I have enumerated users using the service on the lowest port and tried hydra -e nsr + other guesses based on the name of the box to authenticate to port xx0xx. Brute forcing with a larger wordlist would take days over my connection. What else should I be trying?

I’ve read that people are getting more than 2 ports open on their scans. I was able to enumerate users on one of the services but get authentication errors on the other port. I am only getting those two ports and nothing else. When trying to scan on the Free servers it is taking ridiculously long. Is this normal? Can someone point me in the right direction?

OK… I got user.txt and am having trouble with root… I really have no idea what to do next :(

Alright, never mind… I got it finally… fml!

Any subtle hints on how to privesc using that **do application? Can’t see anything I can use to leverage.

The idiot that keeps changing the sudoers file: YOU DONTTTT NEEEEEDDDDDD TO CHANGEEE ANYY FILEEEE!!! Worst case, if you edit it and you see an error, JUSTTTT GETT ITT BACK THE SAME ■■■ IT WASSSSSS. HTB should ban people that crash the box for like 30 min from using it.