Official Pit Discussion

Rooted, was not easy, but like my honorable predecessors i learned a lot… And need to sleep now ! Thanks @R3m0tE for the “no spoiling” hint. I’ll be happy to help if i can.

I know what I am doing to achieve the root, but I don’t know what is missing here.
I have written script to run (where I cant see it) and I am triggring it with walking.
but it doesn’t seems to work. not even echo command into some file.
By the way, this might be an hint for some others.

got the user, but not sure how to proceed, though i’m almost certain c****it is involved. Looking into parameter tampering right now, but not sure if i’m missing something besides the username by stepping outside for some exercise?

Finally after few nudges Rooted !! Msg me if you need help .

uff… tough machine, need a hint from here couse usually i dont do this scan, if anybody need help just let me know

Can get a foothold, albeit briefly. Seems somewhat random when cut off and have to re-do it. Spending a lot of time trying to figure out how to maintain a foothold session to do any recon … any little tips for this?

Hi, I need help withthe foothold. I found the c*****t application.

Had to get quite a few nudges on this one, but finally rooted it. Definitely learned a lot about the protocol, but I think it will take a bit more studying to actually “understand” all the pieces. Feel free to message me for nudges.

Type your comment> @luckythandel said:

I know what I am doing to achieve the root, but I don’t know what is missing here.
I have written script to run (where I cant see it) and I am triggring it with walking.
but it doesn’t seems to work. not even echo command into some file.
By the way, this might be an hint for some others.

2 things, check your filename, and if on your own box like kali, you may need to setup your M**S. Can DM if you need help. :slight_smile:

Type your comment> @jps3 said:

Can get a foothold, albeit briefly. Seems somewhat random when cut off and have to re-do it. Spending a lot of time trying to figure out how to maintain a foothold session to do any recon … any little tips for this?

if you have RCE, try looking for some config files, maybe there is some password reuse type stuff you could try if you had db creds.

Hi,
I need some help with the RCE to get the foothold. I can upload file, but I have problem in executing it.

I’m almost the> @Niotop said:

Hi,
I need some help with the RCE to get the foothold. I can upload file, but I have problem in executing it.

check the availability of the folder d*** from initial

Finally rooted. This was an interesting box because it pushed me to study a protocol that honestly I know too little.

Foothold/User: The big hint was in the twitter account of HTB. Once you understand what the main purpose of the box is, enumerate (google will help you out). Enumeration will lead to the main entrance. Look beyond what you see! You will then move to another place that’ll give foot in the box.

Root: Initial enumeration (in case enumerate again deeper) will let you know there’s something worth investigating. Once you spot it is a privilege escalation classic, minus the fact that the triggering point is a bit different (bear in mind the main theme of the box).

A good “walk” sometimes can clear you mind.
Thanks for the box!

Done. Took me longer than it should have due to a typo near the end. Like others above I learned a lot about a protocol I hadn’t used much before. It was also cool to see one of the classic exploits come back with a new twist.

Thanks @polarbearer and @GibParadox for a fun box.

The hints just before this from @alemusix are pretty good. But if you need more help feel free to PM.

Hey, can someone please explain me the last part of the root? I think i got the root with the help of another guy exploiting stuff…

Finally got rooted !!! Difficult box I think…

I’m a noob. Don’t have been able to find anything useful on s*** protocol. I activated full descriptions. I know of c**t daemon but I believe it’s for root part. I think I have to catch credentials on that ■■■■ s thing… :neutral: or get a shell with execute command but I had no luck.

@dylvie if you need help dm me.

Does anyone else experience strange timeouts while walking? I’ve asked some friends and they were able to walk much furher than me without any timeouts. I’ve also tried restarting the box (VIP+) and using three different vms/os - always the same problem.

I haven’t had issues with timeouts but I have burned a tonne of time trying to understand what to do. I can scan and see a vulnerability for pp-f** on n**x but can find no place to attack with that. Otherwise - I am totally stuck. If anyone has a nudge I’d be really grateful.