Official Armageddon Discussion

Type your comment> @IAmBecomeDeath said:

There a certain elevation command that’s always first on my check list after gaining access to an account. When that returns something on a HTB Easy machine that’s the way forward.

It made it unambiguous which program/service/feature is the attack surface on this box.

Any further hint?

Type your comment> @liuzg108 said:

Type your comment> @IAmBecomeDeath said:

There a certain elevation command that’s always first on my check list after gaining access to an account. When that returns something on a HTB Easy machine that’s the way forward.

It made it unambiguous which program/service/feature is the attack surface on this box.

Any further hint?

I am assuming the command is: sudo -l

Can anyone message me a hint for root? I am going to try and craft something in curl but I am not overly confident…

Type your comment> @rpthomps said:

Can anyone message me a hint for root? I am going to try and craft something in curl but I am not overly confident…

The hint is not needed, you are on the right path as I saw in your post before.
Then look how you could use that information to gain more privileges. If you have found the way to go after and if you have crafted what you think you need there are ways to get it there.

Sure curl -O can be used, but it is not needed.

I hope i don’t spoil to much for you

Type your comment> @CrackerMan said:

Type your comment> @menkar411 said:

What’s wrong with m***l? Can’t log in

Struggling with this one as well. Tried enumerating other services but not finding anything that is jumping out, got the creds but cant apply them, so could appreciate a cryptic hint.

This stumped me, too, but hints in this thread and a bit of reading the man page for m***l showed me a way to run things without having to go all the way in…

I’ve got a foothold and i’m currently logged as a***he user rn, but i cannot seem to find any of the services that people are giving hints about. Running “ps ax” or “systemctl” also yields no info and i certainly don’t see any m***l service running. Maybe i need to reset the box? Or am i barking up the wrong tree?

Nevermind, my enumeration was poor. Got some m***l creds

My crafted s**p file doesn’t work. I tried many things but nothing. Does anyone had the same problem? Thanks a lot!

Rooted this machine.

Hints:
Initial foothold: enumerate the web app and use google
Getting a ssh session: find a user and keep asking access…
Root: ask what you are allowed to do and use that to your advantage

All in all a fun box, a little different than the usual and definitely one of the more real-life ones out there. Thanks to the creator!

Am logged in as ae with an adequate shell, can dump data from m, have found something that looks like a hash in a table but none of my cracking tools are working. Am I just bad at hash cracking or am I down a rabbithole?

EDIT: I was looking at the wrong thing because I didn’t search exhaustively at first. Once I found the obvious right thing it was easy with either hashcat or john

Type your comment> @LegendarySpork said:

Am logged in as ae with an adequate shell, can dump data from m, have found something that looks like a hash in a table but none of my cracking tools are working. Am I just bad at hash cracking or am I down a rabbithole?

It should be cracked, are you using the good hashcat for example and with the good algo?
Can dm for more explain if spoiler.

Type your comment> @Ppair said:

… are you using the good hashcat for example and with the good algo?

Hah, I’m using “a” hashcat trying a couple of algo’s but it sounds like I need to keep trying.

EDIT: oops I missed something really obvious and was trying to crack the wrong thing. Lesson learned: grab the whole mess first and search it all before searching selectively

Type your comment> @eMVee said:

Type your comment> @rpthomps said:

Can anyone message me a hint for root? I am going to try and craft something in curl but I am not overly confident…

The hint is not needed, you are on the right path as I saw in your post before.
Then look how you could use that information to gain more privileges. If you have found the way to go after and if you have crafted what you think you need there are ways to get it there.

Sure curl -O can be used, but it is not needed.

I hope i don’t spoil to much for you

Thanks for you help, @eMVee

Got initial foothold, and then got the user, but stuck at root.

Crafted s**p doesn’t seem to be working even with the special power of the user…Not sure where to go from here…Any nudges?

Type your comment> @Alfamyk said:

Got initial foothold, and then got the user, but stuck at root.

Crafted s**p doesn’t seem to be working even with the special power of the user…Not sure where to go from here…Any nudges?

Nvm, just needed a fresh perspective on the approach. Got root with slightly more crafting

Any help?

Stuck as a*e user, can’t find any creds or get msl to work to dump creds as suggested by others…

Spoiler Removed

Type your comment> @rancilio said:

Any help?

Stuck as a*e user, can’t find any creds or get msl to work to dump creds as suggested by others…

I know the struggle, if you have the correct stuff you should be able to work with it. I had the issue that my connection was broken after 1 query. So maybe a oneliner will do it for you.

@aliabdelmalek said:
hey guys

any help please

Not sure how to give a hint without spoiling, but if you think it should work, read the documentation how to use this thing.

i got everything the exploit worked for me but i couldn’t get reverse shell i tried bash,netcat,python,perl reverse shells but i didn’t recive anything in my listener please help me … i don’t wanna get the shell from the RAPID7 … … guid me plz or give me small hint and i ll be appricated