Official Armageddon Discussion

@6062055 said:

@secure77 said:

Finished the machine. If anyone needs help, just PM me.

@secure77 , I tried to message you on HTB, but it’s saying invalid user…dumb system. I was going to ask which package creator you used. I tried FPM, like it says on GTFOBins, but I just keep getting errors.

The first field of the message form is for recipients; I think you tried to enter some “subject” there :wink:

Anyway, I sent you a message.

Just got root. Big shout out to @x00future for the help.

Foothold: CVE for this, search a popular tool when you know the service running.
User: I had to force my way in…
Root: basic enumeration to find out what you can do…create the right environment to craft your OWN payload (it took me forever as I tried to use a default one for this priv esc method).

DM if you need help.

Rooted! Fun box, not too hard.

Enumeration
Basic enumeration should help you out just fine.

Gaining access
The name of the box is a great help finding your path towards access.

User
Enumeration is what helps. If you found some ‘loot’, where could you employ it and what might it bring? Use the loot to get some more loot. If this new loot goes beyond you, it is always useful to read the bible (The true light that gives light to everyone was coming into the world.)

Root
Straightforward enough. Stuck with a weird error? Perhaps the name you chose is the issue.

User was pretty easy. s*** crafted but after install nothing changed, dm hints?

Never mind, got it.

Finished the root part with little effort. If you get stuck at running the craft, try to understand the error and follow it (change something in your craft).
By the way, I forced my way into SSH with ha. Could someone give me hints to find another way to get in with ml? I tried to watch the running services but there is no ml process, then I tried to watch the services listening on lo**st but still found no way to get in. Thanks a lot for helping!!

Hi

Does anyone else experience connection problems with the box? It is super slow and always falls through. Would be very grateful on some tips how to improve the connection, as it is getting annoying.

Disregard that :slight_smile: Should have googled a bit harder regarding vpn issues.

Rooted, but no idea about the s*** service. People said there is an enum, but it seems not to work.

user: ml and ha also works

Finally rooted this machine. The user flag was easy. But boy did the root kick my ■■■. Should have been studying today but instead spent the entire day trying to root this machine! Managed to get it just as I was going to bed so I will sleep very peacefully tonight!

Root hint:
Look for a program around this exploit on the web. It’s dirty wink wink.

The program doesn’t work. You’ll need to extract something from it and figure out what to do with it after that. Once you’ve figured out what to do with it, just log in…

On a second note. Email me if you need help. I know you can wait until it’s retired and find out, but it’s also good for you to find out and learn.

Is anyone finding something strange going on with this box? I started it a few days ago and found a D***** installation - however when I look now I can’t see a Drupal installation but I can see a W******** installation. I have tried resetting the box but it is still the same?

Hey all,

I’m like 99% into getting root, I just need some help with the very last part of the privesc. I understand the parts but I do not understand the tools or the related exploit code enough to know exactly what to do next. I’ve tried googling around but I’m not really sure what to look for. I can list off what I’ve tried in a PM if anyone is around.

Update: I was able to figure root out on my own by going back to a certain blog post by someone who discovered a relevant exploit. Lists exactly how he CRAFTED it and our user has a specific ability we can use. My suggestion is to read this blog post top to bottom, then look at the source code to see what it is trying to do.

Notice, this exploit is failing because the /exploit/ itself is blocked, but because of the special permissions our user has we may just have what we need to circumvent the exploit and do what the exploit intended anyways.

I’m glad I dug deep into this and figured it out on my own, very rewarding.

Don’t forget to reset your machine, it helped me with root.

This box took me a lot of time. Most of that time was spent looking for the initial user creds after getting the foothold (since I wanted to avoid brute forcing). ParrotOS also slowed me down a bit on the priv esc. Overall, the technical difficulty is low for this box, but it can still take some time to find what you need. PM for a nudge if you need it.

Enjoyed this box, got the link between the name of the box and the exploit very quickly. Getting a stable shell was annoying so took a while to get the password from its storage spot. Root was fun, after I read the blog post, I knew which part of it I needed just took a little bit of working out how to craft the payload so the install didn’t hang on target.

I really liked this box. It is quite easy to find the basic user. But as far as root is concerned, it is much more complicated, I have to do a lot of research. I’m still quite a beginner. I should advance in my learning before tackling the boxes. But hey, this one is very fun.

Really cool box, relatively straightforward. The name of the box is a pretty good hint for the initial access, and for root you need to GTFO and look online for it :wink: