Official Armageddon Discussion

I’m working on root now.
I know what Ubuntu specific tool i need to use, but i got 401 error.
Any hint?

EDIT: I’m root. I didn’t need to use this whole dirty thing.

finished the machine, If anyone need help, just pm me.

Got user. The very last step should be fast once you know what you’re working with and can configure your tool (a few seconds). If you’re having issues working with m*s** on the box, pack everything in a suitcase and take it outside.

…Got root. After getting user, simply check what “bigguy” things you can do with that user.

Beyond that point it went fast but I have to go back to understand s*** out of curiosity. For the exploit itself, there’s a certain popular source for…breaking out of stuff…that covers all the steps, though I had to change the payload slightly.

Feel free to PM for hints.

Sometimes my curse of overthinking kills me. Got the root flag

I’m in as b*****eaan, have done some basic enum to see that there’s a n exploit with the v2 already in the home dir. Running the v2 exploit fails for me with a 401 error. Looking on Google it and reading on here you can craft your own… I tried this in Kali but it failed and people have said to use a different environment… I really don’t want to install a new VM just for one machine…

Anybody that’s not installed a new VM for this box able to help/DM?

thanks!

Type your comment> @rancilio said:

I’m in as b*****eaan, have done some basic enum to see that there’s a n exploit with the v2 already in the home dir.

Eeeeh, unless I was blind when I did the box, I assume someone left his tools on the box and that folder shouldn’t be there. In any case, I think you can build the necessary package on many distros, including kali.

currently on as the a***** and found the ml directory but stuck on how to get into it. I found the b*********** but not sure where else to look. nudges?

I got user flag. Working on this s*** and s**** thing and slowly going crazy

rooted, it is an easy box.

Type your comment> @devilray said:

currently on as the a***** and found the ml directory but stuck on how to get into it. I found the b*********** but not sure where else to look. nudges?

everything you need is where you landed.
just look at the file’s.
find the creds for your next step.

no need to go outside www, i did and found some things but they where also in the www.

Type your comment> @djbrains said:

Type your comment> @devilray said:

currently on as the a***** and found the ml directory but stuck on how to get into it. I found the b*********** but not sure where else to look. nudges?

everything you need is where you landed.
just look at the file’s.
find the creds for your next step.

no need to go outside www, i did and found some things but they where also in the www.

I was able to find what I needed and got user flag. Thank you!

Can anyone help with root flag? Dirty-Socks not helping…

Type your comment> @secure77 said:

finished the machine, If anyone need help, just pm me.

@secure77 , I tried to message you on HTB, but it’s saying invalid user…dumb system. I was going to ask which package creator you used. I tried FPM, like it says on GTFOBins, but I just keep getting errors.

Someone suggested to me, packing up the file on Ubuntu, so I’m going to try that. Said he spent forever tryin to get it to work on Parrot and Kali, but only worked on Ubuntu.

Rooted

Incredibly dissatisfying as my google search yielded some forum that discussed spoilers :frowning: Even after completing this box, it feels like I cheated…

Anyway, it was not too hard but not too easy either.

Foothold: CVE… I thought it was too good to be true so I spent some time looking for something else. After realizing it was the CVE, it was easy. Obtained the shell manually but it was incredibly cumbersome to use so moved on to mc****. Easy

User: Found what I needed but couldn’t connect to the service. This is where I found the forum. Anyhow, I found what I was missing. ‘Buffered’ vs ‘Unbuffered’ was something I was not familiar with. Once understood, it was very straightforward

Root: Basic enum provided what I needed. Had to modify to create my own payload. Afterward, very straightforward.

PM me for nudge.

Type your comment> @6062055 said:

Type your comment> @secure77 said:

finished the machine, If anyone need help, just pm me.

@secure77 , I tried to message you on HTB, but it’s saying invalid user…dumb system. I was going to ask which package creator you used. I tried FPM, like it says on GTFOBins, but I just keep getting errors.

the first field of the message form is for receipts i think you have tried to enter there
some “subject” :wink:

anyway i sent you a message

Just got root. Big shout out to @x00future for the help.

Foothold: CVE for this, search a popular tool when you know the service running.
User: I had to force my way in…
Root: basic enumeration to find out what you can do…create the right environment to craft your OWN payload (it took me forever as I tried to use a default one for this priv esc method).

DM if you need help.

Spoiler Removed

Rooted! Fun box, not too hard.

Enumeration
Basic enumeration should help you out just fine.

Gaining access
The name of the box is a great help finding your path towards access.

User
Enumeration is what helps. If you found some ‘loot’, where could you employ it and what might it bring? Use the loot to get some more loot. If this new loot goes beyond you, it is always useful to read the bible (The true light that gives light to everyone was coming into the world.)

Root
Straightforward enough. Stuck with a weird error? Perhaps the name you chose is the issue.

User was pretty easy. s*** crafted but after install nothing changed, dm hints?

nevermind, got it

Finished the root part with little effort, if you get stuck at running the craft, try to understand the error and follow it (change some thing in your craft).
By the way, i force in the ssh with ha, someone could give me hints to find another to get in with ml ?? I try to watch the running service but there are no ml process, then i tried to watch the service listening at lo**st but still find no way to get in. Thanks a lot for helping!!