Hint for Sunday

Just rooted this. Feel free to PM me if you need a nudge. :slight_smile:

I managed to get the root flag, but I don’t know how to get a root shell, which make me think that maybe I didn’t get it the right way. Can someone PM to see if I got it the right way?

Finally got root flag, will have to thank @macw141 and @UN1X00. sorry for irritating you guys, but hints got me through.

Got root, lovely little box,

any hint, I login into the machin but can read user.txt …

hey guyzz, need a pointer.
got in,
found a troll…its trolling me,
any hint how can i troll the troll ??? hahaha

I’m also stuck on the priv esc from the first user, if someone can PM me with some hints, it would be greatly appreciated

Wow, enumeration really is your bread and butter, I’m kicking myself for not checking (spoiler) location first, I was able to get the second user within five minutes after looking there

Everyone seems to have guessed the initial password easily. I have enumerated users using the service on the lowest port and tried hydra -e nsr + other guesses based on the name of the box to authenticate to port xx0xx. Brute forcing with a larger wordlist would take days over my connection. What else should I be trying?

Ive read that peopl are getting more than 2 ports open on their scans. I was able to enumerate users on one of the services but get authentication errors on the other port. I am only getting those two ports and nothing else. When trying to scan on the Free servers it is taking ridiculously long. Is this normal, can someone point me in the right direction?

ok… I got user.txt and am having trouble with root… I really have no idea what to do next :frowning:

alright nevermind… I got it finally… fml!

Any subtle hints on how to Privesc using that **do application? Cant see any thing i can use to leverage on.

the idiot that keeps changing the sudeors file. YOU DONTTTT NEEEEEDDDDDD TO CHANGEEE ANYY FILEEEE!!! worst case, if you edit it and you see an error JUSTTTT GETT ITT BACK THE SAME ■■■ IT WASSSSSS. HTB should ban people that crash the box for like 30 min from using it

so i’ve got some users enumerated… i’ve found out the ports open, but i really cannot get in… there seems to be something that i am missing… many of the comments have confused me… need a nudge how to get an initial foothold.

@pzylence - I am in the same position. Found a bunch of default users, and tried to guess the password… which should be something super obvious that’s often done on HTB or in CTFs in general. Seems I have no luck this time - I managed to guess the obvious / “in your face” credentials for Nibbles and Valentine, but I find this challenge e much more difficult and less obvious. So far I tried - unsuccessfully - with a wordlist of my own with about 200 seemingly obvious guesses for passwords (trying to apply my Nibbles or Valentine mindset ;-)), tested against all the users I know.

As all the users that I could find easily are default users, and none of them had logged on before, I wonder if you also have to guess additional users / use a more exhaustive wordlist for users. I already tried some “obvious” additional users not on the default wordlist (that the enum tool uses that I suppose many here are using).

But I am not ready to give up and use a huge wordlist - I take a break and wait for inspiration to hit me with ideas for new “obvious” usernames and passwords :slight_smile:

I’ve tried all sort of things with the s*** from Sammy, I cannot read nor download files with no permissions. Overwriting important files is not working either. Can I get some hint? I’ve read certain man pages like 5 times now…

I need help for priv esc, PM me please

Shoutout to everyone who feels the need to change all the passwords.

I see the tool I need to use for root but keep getting “No permission to list directory.” Any hints would be rad.