Official Armageddon Discussion

I really liked this box. It is quite easy to find the basic user. But as far as root is concerned, it is much more complicated, I have to do a lot of research. I’m still quite a beginner. I should advance in my learning before tackling the boxes. But hey, this one is very fun.

Really cool box, relatively straight forward. The name of the box is a pretty good hint for the initial access, and for root you need to GTFO and look online for it :wink:

Pretty straightforward. Lost most of my time trying to get a real tty post-exploit, but ended up giving up. Closest I got was the error “out of pty devices”.

Anyone managed to get a shell as a****e?

Hello, could someone DM me to give me some nudge? I have the shell active, I have the ml creds and b********** username (not the pwd yet)
I can’t connect to the m***l, it gives me an error that I’m not able to pass.
Thanks

Type your comment> @N0ir said:

Hello, could someone DM me to give me some nudge? I have the shell active, I have the ml creds and b********** username (not the pwd yet)
I can’t connect to the m***l, it gives me an error that I’m not able to pass.
Thanks

Nevermind! Rooted :smiley:

I spent half day trying to work around crafting my own payload for obtaining root… And you know what? I had correctly crafted payload at the beginning but it didn’t work so I assumed it is wrong when it wasn’t!
So from above my most critical nudge is - make sure box is fresh (rebooted) before trying to execute your root payload ! Or check s*** ch***** log to see if someone before you already tried to load something wrong (which I guess is either breaking s*** or keep it hanging) - if so reboot the box; if log is empty then work away.

User was pretty easy, just keep in mind how normally CMSs are being setup/configured and so you know where to look for the user.

Root was pretty obvious after getting user and few minutes of research in google…

pm me if need hints.

hopefully not a spoiler but if you get the “Native builds aren’t supported” error there is a good youtube video from 2017 that will help build with containers

got root …
Very interesting box, specially the post exploitation part.

User: Easy; if you find what component need to get exploited

Root: Medium; Straight forward but you need to work on to get what you need !

PM me for nudges ! :wink:

stuck at getting root user

Finally rooted my first box on HTB.

Foothold: Do some enumeration and find out what is being used in order to help you find what is vulnerable

User: Do some digging around. Look at what the website is being run by and how it saves information and find the source to your problem

root: What are your options? What can you do with your options? Do your options work? If not, how are you able to fix it? Sometimes it might require to think outside the box and maybe craft your own.

PM me for assitance

I thought I saw a way to root the box on GTFObins using fpm to simplify the crafting process but I get an error "error: cannot perform the following tasks:…’ , should it work or I really have craft the whole thing from scratch?

let me know if you need any hints
i wont tell you the whole key
ill give you only hints no spoilers

got root

Finally gain root access. Everything you need is already on this forum. Feel free to ask if you need help…

i got m****p***** Sh**l but have no idea how to find user and escalate privilage

The dirty thing exploit doesn’t work because sna* version is superior, but you can extract the payload and create a sna*. I faced a problem with existent dirty user so need to unsquash the sna*, edit commands removing user and group and recreate the sna* with mksq*. There are precise arguments. Search on internet.

Rooted, fairly easy machine, too much data can be intimidating and thus I went on wrong path sometimes, but overall a nice fun machine.
Foothold: name and tech
User: check for important thing and no need to leave the current dir
Root: You could be as strong as you want

PM if you need help

i learned new privlige method. :
Research more!
sometimes some files are easy to read. However, using that information in a ready-made system may require some research.

And Python is awsome

Getting on to the machine was a piece of cake using a certain known Kali tool.

I’m not going to lie I had to get some help to root this machine. I’m not sure how this is a easy box but wow you need to think outside the box.

Basically when you come across the command to exploit, you will come across something interesting in your research, you can use this to CRAFT something simple as others are saying. Don’t over think it like i did. Just check what it is doing and then go from there.

i got a problem after installing file.s*** the d*s user not exist anyone knows how to fix this?