Official Armageddon Discussion

Got user pretty easy
And I have some lights on what I have to do to get root. Can someone help me building the s***?

getting a foothold and user was actually harder for me than getting root.

foothold : look around google, OSINT.
user : ENUMERATE, ENUMERATE, ENUMERATE, all you need is already where you are.
root : thereā€™s a known exploit, you just need to craft it for your needs.

There are actually a lot of hints on this discussion, so if youā€™re having a hard timeā€¦ just read everything here from page 1 to end.

good luck!.

guys can you help me i cant open any websites from htb when i go to open any of then the error shows dns probe finished nxdomain in any box i checked everything from fixing dns and setting it to google and resetting network manger i just cant open the websites ending in .htb so please help me i am new here

@Darksward27 said:

guys can you help me i cant open any websites from htb when i go to open any of then the error shows dns probe finished nxdomain in any box i checked everything from fixing dns and setting it to google and resetting network manger i just cant open the websites ending in .htb so please help me i am new here

Three points:

  • you need to add the domains to your hosts file. HTB doesnā€™t use DNS (and it would be a bit weird if it tried to really), so you have to tell your computer what IP address are which hostname.
  • you probably should work through the Starting Point boxes.
  • you might also want to look at the academy site to learn some of the basics.

Type your comment> @pL4sTiC said:

Iā€™m bashing my head into a wall right nowā€¦
Got initial foothold under a*e using a popular framework. Cannot seem to connect to ml, even from the shell. Tried port forwarding and still no luck. BTW, I have the credentials to connect, but canā€™t seem to do so. Any help would be greatly appreciated.

EDIT: NM, hahahahaā€¦ found the alternative, and much simpler, method :wink:

Hey, could you PM me the alternate method? Iā€™ve been trying to connect to the database, but to no avail. I have the creds.

Hint: For those with trouble connecting to m***l.
There are other ways of dumping it :wink:

Foothold: The clue is in the name.
User: A little two-step and then you can get in through the frontdoor.
Root: The master of an older generation can show you the way with his teachings.

Getting the thing to actually build seemed to be the hardest part.

Just got root on this after some really stupid mistakes. Couple tips on getting root from user:

  • Lots of people struggling with environment setup - you donā€™t need to craft the payload yourselfā€¦ you can re-use anotherā€¦
  • If it doesnā€™t work, think about why - read and understand the error, google is your friend :slight_smile:

Can someone dm me and help fix my c***t yaml? I keep getting segmentation fault after installā€¦

Am stuck in root. Even though I went through linpeas and other methods I havenā€™t found a way to go about itā€¦maybe i just canā€™t see it. If anyone wants to drop a hint dm me

Type your comment> @elchambos said:

Am stuck in root. Even though I went through linpeas and other methods I havenā€™t found a way to go about itā€¦maybe i just canā€™t see it. If anyone wants to drop a hint dm me

Look for exploits related to s***.

Reverse shell dies after I enter m**** credits :((((

Type your comment> @reichsstolz said:

Reverse shell dies after I enter m**** credits :((((

Use ā€˜-eā€™ option

FINALLY ROOTED THIS ONE!!! What a pain in the ā– ā– ā–  :smiley:

Fun little box! Found getting user quite straight forward as it involved some staple techniques that every beginner should know, or use this as the perfect opportunity to learn if they havenā€™t yet.

The root user was a little trickier as I didnā€™t immediately work out that Iā€™d found the right exploit, as Iā€™d seen some closed things and discarded the idea.
After trying a little crafting of my own and running into all sorts of issues, I realised I could adapt what I found before and after a little decoding, just used what was already out there.
It didnā€™t work initially as I think someone else had already broken something on the box, but after a reset, the exploit worked exactly as it should.

Thanks for a fun little one

Type your comment> @reichsstolz said:

Reverse shell dies after I enter m**** credits :((((

a one-liner might help

Can someone dm me? Iā€™m stuck with the a****e user and canā€™t get any further.

Buffered vs unbuffered at a certain step> @AbuQasem said:

Use ā€˜-eā€™ option
Or look in to ā€˜unbufferedā€™

Okay I came upon an article that explains about something ā€œDIRTYā€. Got an exploit related to it but the system is not vulnerable to it. Do I need to change something in that? Or am I on the wrong track? Trying for root.

Has anyone had problems spawning a proper tty shell after gaining foothold? I keep getting OS error: out of pty devices. Is it due to selinux and tips to overcome it?