Official Ready Discussion

1678911

Comments

  • Rooted :) Thank you @bertolis for the box. Learnt very important and interesting stuff with this box :)


    User

    There's info all over the internet. No big deal.

    Root???

    Enumerate a dir that has already been mentioned in the forum plenty of times. May be easy to miss, so know your filtering tools. Try all your options.

    Root

    Escape :) Again, Google has some very nice advice for you.


    My PMs are open for nudges :)

    imClara

  • edited February 23

    Finally Rooted. Thanks for the machine, learning sth useful. The enumeration costs a lot of time...
    The escape is not that hard than you think.

    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)

    Hack The Box

  • My two cents about this machine

    Foothold

    After you discover that high port, go check it out and enumerate. With a well known tool we always use on Kali, you can find juicy exploits : Warning -> they are incomplete, try to figure out what is missed, or if you are not a dev or don't know Python so much( advice, you must learn it) find the fixed exploit using Google.

    Shell Improvement

    If you got a shell, it will be basic and unstable.

    Lot of people askin', i usually do :

    python3 -c 'import pty;pty.spawn("/bin/bash")'
    export TERM=xterm
    Ctrl + Z
    stty raw -echo; fg

    User

    Get that flag, is in front of you

    Root

    As other said, use Linpeas if you want, btw there is a folder you have to enumerate, there are files inside and one of them has juicy infos.

    Root Flag

    If you know where you are, you know what to search for on Google. Hacktricks will definitely help you.

    Nice box, i had fun indeed so thank to its creator!

    Hope it helps feel free to DM me if you are stucked :smile:

  • I have to say thanks to @Kiwito and @TazWake : You gave me the hints to solve the situation.

    I don't have to much to add about what @GamesDean said in the post before me... just for the foothold: remember to check one of the first things u should look in a software when you do a PT.

  • Ayyyyy 1st time getting user.txt with no nudges. Good feeling!

  • nice and easy box. I think this is a good beginner machine. user did go down very quickly so I got myself cocky and karma slapped me in the face for that.
    so for root1 lesson learned: if the witch cant find the snake, dont assume it is not there, it is just hiding under the rails. snake can help you getting a proper shell. once you find the juicy info use it. root2: google on how to get out of the cage; this is well known method.
    Best

    zaphoxx

  • was a good one even if d***** is totally new for me.
    The user part was just more simple as expected in view of the rating. But I did another GL device last week with nearly the same foothold.

    One hint in this thread helped me out to escape.
    Thx for that nice experience. Learned a lot.

  • Foothold: Found a helpful snake, but it was a bit moody. It worked once I hard-coded some things. You can grab the user flag with the foothold.

    Upgrading shells is a useful skill to have.

    Local: I wasted so much time on this. There is just so much to sieve through and things that look useful, but are actually useless. I recommend liberal enum withfind and grep. In the end the solution is easier than you probably thought.

    Root: This is easy, just google and follow basic tutorials

  • It was a easy one 'Ready'... Got user and root... Try try...
  • Type your comment> @Arty0m said:
    > Can anyone help me figure out how to escape? i'm assuming i need to use a certain password to su but i'm really struggling to get a tty. this isn't something i've done before so i might be missing something obvious but all the techniques i've come across aren't installed on the box. Can anyone give me an idea about what i should be looking into?

    Any files in your user might help you... To privesc... After getting shell... Files like config files..
  • Advice for this machine;

    ESCAPE!

    Any more info please DM.

    rancilio

  • Just got the user flag! I found two files, one with an private rsa which tried to use as root and the user and no luck... On the second file found some smtp password, but I haven't been able to use it anywhere either...
    Any advise or hint?

  • @thorthehacker said:

    Just got the user flag! I found two files, one with an private rsa which tried to use as root and the user and no luck... On the second file found some smtp password, but I haven't been able to use it anywhere either...
    Any advise or hint?

    This is going to suck but "try harder"...

    You say you haven't been able to use it anywhere, that might just mean you haven't tried the right thing.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @TazWake said:

    @thorthehacker said:

    Just got the user flag! I found two files, one with an private rsa which tried to use as root and the user and no luck... On the second file found some smtp password, but I haven't been able to use it anywhere either...
    Any advise or hint?

    This is going to suck but "try harder"...

    You say you haven't been able to use it anywhere, that might just mean you haven't tried the right thing.

    Thank you so much, it was so easy... Sometimes you just need to go away from the computer so the ideas flow :)

  • Ooof. Got user, and have "root". But getting out is really hard for me. I've tried a few things but at this point i'm more interesting in learning. Can anyone point me in a direction of a tutorial for this part? I'm lost.

  • nvm, got it. What a FANTASTIC box.

  • Well that was fun. Initial foothold and final root flag probably took 10% of my whole time. Really upped my "find" game with this box.

    Great box.

  • i got root shell.
    DM for help

  • Can I PM someone for help? I've got user, used linpeas, looked through a lot of stuff and still not a step closer than I was when I first got user.

  • @ExCommunicado said:

    Can I PM someone for help? I've got user, used linpeas, looked through a lot of stuff and still not a step closer than I was when I first got user.

    You need to enumerate. Read the optional things which you don't normally find on a box here. Get the loot from that, use it.

    Then you need to find a way to get out of the thing you are in but it is easier with your new privs.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Hi! I get user flag and exec linpeas, but i dont see how root privesc. Pls dm me for help. Thx!

  • @str3ss01d said:

    Hi! I get user flag and exec linpeas, but i dont see how root privesc. Pls dm me for help. Thx!

    Read the post immediately before yours.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited April 3

    Rooted! Its my first medium box)
    rooted laboratory box before ready box

  • Got shell as g* user found some creds in a non-default folder. Maybe for r****-c**. really not to sure where to go from here. Can anyone give a nudge?

    prutz

  • @prutz said:

    Got shell as g* user found some creds in a non-default folder. Maybe for r****-c**. really not to sure where to go from here. Can anyone give a nudge?

    Have you tried using the creds?

    Remember, password reuse is really, really common. If you have a set of creds for X, there is a good chance they can be reused on Y.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Interesting box. I learned a lot from this one. I learned that i need to really pay attention to my enumeration.

    I am curious to know if i got the root flag the proper way or not, or if there is another way to do it. I suspect there are a few ways but really curious if there was another way besides the easy way i obtained it.

  • um. am i meant to be getting a 422 error every single time I try sign up to g****b?

  • @allTsar said:

    um. am i meant to be getting a 422 error every single time I try sign up to g****b?

    No.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • @TazWake good to know. Anyone else had this issue and resolved it?

  • @allTsar said:

    @TazWake good to know. Anyone else had this issue and resolved it?

    It isn't mentioned very much on this thread, but lots of people experienced this on Laboratory which uses similar technology. I suspect it is a result of some service not starting cleanly when the box initialises.

    I don't have a good suggestion but based on the Laboratory thread you could try:

    • Reset the box and then wait 10 minutes. This should give it time to make sure every service is started.
    • Raise a jira ticket with HTB.
    • Try a different VPN to see if its a problem on the specific server assigned to your instance.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

Sign In to comment.