Official Ready Discussion

Rooted!
Actually, I found the creds by pure luck but I can’t find it anymore unfortunately :frowning:
I really wanted to know what are the enumeration steps that leads to find the creds without any nudges…

Rooted, this was quite a simple box to be honest, maybe because recently I did an easy box using same approach

Foothold: Enumerate what you’ve found, and understand versioning. Search for vulnerabilites. There are several tools in the Web, personally I’ve used the very same of an easy box done recently that allowed reverse shell (that needed to be improved) as user g**
User (?): Using classical enumeration tool found interesting credentials that at first glance didn’t appear to be useful, but experience of recents boxes suggested to investigate further and actually I could use them (password reuse is a bad habit). Managed to grab user hash (even though I was not that user, that was odd). At this point I was a little confused as I thought that I reached the goal, but I realized that I needed to try harder.
Root: With some google-fu managed to free my self and obtain what I needed. Decided anyway to do a step further and complete escalation process.

Thanks for the box!

where is the root flag? I can’t find it in the usual place?

Type your comment> @iamshaleen said:

where is the root flag? I can’t find it in the usual place?

Are you sure you really are root?

Just finished the machine… if needed i can help

Type your comment> @alemusix said:

Type your comment> @iamshaleen said:

where is the root flag? I can’t find it in the usual place?

Are you sure you really are root?

I checked the id and its root

@iamshaleen said:

Type your comment> @alemusix said:

Type your comment> @iamshaleen said:

where is the root flag? I can’t find it in the usual place?

Are you sure you really are root?

I checked the id and its root

Have you escaped? If not, you are root in the wrong place.

finally rooted. Big thanks for @TazWake for the help and @likelytarget for the useful hint! :slight_smile:
PM if need guidance.

Rooted. I assume it’s rated medium because of the amount of rabbit holes (especially creds, though maybe there’s more than 1 way in).
PM for hints!

Fun box, but not sure if it should be rated medium. Easy, but still fun to do.

Rooted! I spent far too long trying to escape. Should of tried that first!

ROOTED.!!! Dm is open for nudges

I got user flag and currently stuck as g** user. Trying to find a way to privesc but having issues seeing the path. Nudges? DMs are open if you are worried if it will be to much of a spoiler

EDIT: Never mind, i rooted it and got the flag. This box was interesting and taught me something new!

root@ready:~# id
uid=0(root) gid=0(root) groups=0(root)
root@ready:~# 

Rooted! :slight_smile:

Overall a really frustrating box because I hit rabbit holes hard. Finally rooting after the “middle” hop took less than 5 minutes. 5-6 hours of wasted enumeration hurts… but oh well I guess you live and you learn.

Feel free to DM for nudges.

Thank you that helps.

@digusil said:

Type your comment> @menessim said:

@Cyberzombi3 said:
Hey Guys, could I ask for a nudge oon upgrading the initial shell, having real troubles with it, i’m starting to think that its due to me using ZSH in Kali2020.4 as when backgrounding a task and foregrounding it everything seems to go to s***

the usual upgrading of a reverse shell doesnt work with zsh.
The easiest fix is to just start your nc listener from bash not zsh.

Accidentally, I found a quite simple solution:

script -c "/bin/bash -i" /dev/null

Is that OK? I already have root privileges. But there is not any root flag in the root home. Reset did not help. Command find / -name ‘root.txt’ did not found the flag.

@Alexal said:

Is that OK? I already have root privileges. But there is not any root flag in the root home. Reset did not help. Command find / -name ‘root.txt’ did not found the flag.

It might be worth reading through this thread:

.

Type your comment> @TazWake said:

@Alexal said:

Is that OK? I already have root privileges. But there is not any root flag in the root home. Reset did not help. Command find / -name ‘root.txt’ did not found the flag.

It might be worth reading through this thread:

Official Ready Discussion - #347 by byd3fault - Machines - Hack The Box :: Forums
Official Ready Discussion - #311 by W4GHN4KH - Machines - Hack The Box :: Forums
Official Ready Discussion - #308 by loeffel007mtk - Machines - Hack The Box :: Forums
Official Ready Discussion - #299 by TazWake - Machines - Hack The Box :: Forums
Official Ready Discussion - #297 by mach1ne - Machines - Hack The Box :: Forums
Official Ready Discussion - #296 by psychobolt - Machines - Hack The Box :: Forums

Nevermind, found the solution! Seems unusual for the beginner. One of the comments in this thread helped me)

completed. do dm for any help. :slight_smile: