Well… Up to the root part, I was fine. I struggled a bit because even though I had the correct vulnerability, I wasn’t using it in the right place. I like this kind of attack; it’s realistic and I find it to be somewhat elegant if done right.
The root part… Well, I hate *BSD. Every time I have to deal with it I feel like the documentation is awful. With that being said, it turns out that I had found the solution pretty early on but probably made a mistake implementing it. Seeing that it didn’t work as expected, I moved on to other ideas and wasted quite a lot of time; fortunately @TGRHavoc put me back on the right path and it was just a matter of minutes before getting that golden root shell I was craving. Sooo yeah, really regretting not logging my inputs here, as I’m really curious why that didn’t work the first time.
Thanks also to @sicario1337 and @clure for their quick answers and trying to help me.
By the way, am I the only one who had a really bad time on the last step to user? I had between 30 and 90 seconds to figure out something before I had to start the process all over again because my RCE was destroyed.
Foothold: If you found a video then also look for the associated g**h**.
The video I used quickly skimmed over an important part, making me think I was in a rabbit hole when I wasn’t. Thanks for the hints.
User: Look around first before trying to upgrade your shell, you might find some useful stuff. You will find some other good stuff in that general area.
Root: Takes like a minute if you look in g***b***. By far the easiest part.
I am trying to open an account but it says “This email is not one of those that are allowed”.
Any hint?!!
Tried @student.schooled.htb
Yes, I visited this one and I tested the email that is mentioned there and am still getting the same message. I even tried [teacher’s name]@[nameofthebox].htb but am still getting the same message.
Compared to the foothold, root is tooooooo easy. I spent some time googling, but then I realized that I had already bookmarked the resource I needed, LOL.
Can someone give me some hints for foothold? I’ve found the place of learning, I’ve set up what he asked but now I have no idea for next steps. I’m guessing I have to h_j__k his s_ss__n? I found a video explaining a path for Stored X and getting what I’m looking for there but I’m not sure I’m on the right track…
I am trying to open an account but it says “This email is not one of those that are allowed”.
Any hint?!!
Tried @student.schooled.htb
Yes, I visited this one and I tested the email that is mentioned there and am still getting the same message. I even tried [teacher’s name]@[nameofthebox].htb but am still getting the same message.
The emails allowed are of the form whatever@student.schooled.htb.
@jw0 said:
Can someone give me some hints for foothold? I’ve found the place of learning, I’ve set up what he asked but now I have no idea for next steps. I’m guessing I have to h_j__k his s_ss__n? I found a video explaining a path for Stored X and getting what I’m looking for there but I’m not sure I’m on the right track…
You are. Take your time and read carefully anything that might be a hint. Also don’t be like me and look at every user input.
@gs4l said:
Got rce but none of the rev shell one liners seems to be working for me. Also can’t find any wget or curl to upload files on the box. Any nudges?
The syntax is hard to get. I can only tell you to try stuff, rearrange the terms, see what happens and eventually you’ll find a way to get what you need.
One problem that might occur is that since everyone seems to be using the same commands/names straight from Google, then when one uses a command, it conflicts with yours. I’m not 100% sure it’s related but my life became easier after I just gave different names to specific files.
Thanks mate, I was blindly just uploading the zip file for rce. Looked at the contents in the zip and got an idea and it worked.
Just got user
Edit: got root … not sure whether the root part was meant to be the way I got it