Official Knife Discussion

13567

Comments

  • Quite interesting learned one new thing. Got user without shell

  • Finally! If anyone needs a nudge, send me a message :)

  • Type your comment> @azzafazza said:

    I am a complete noob to this so I found root very hard (basically i've done maybe 3 boxes before this one, I have no idea what I am doing). I now have a bit of a process I will go through when I first get on a box, because I assume root was very easy for anyone with half a brain cell (unlike me).

    Don't beat yourself over it lol, it all comes with experience. This was actually a pretty good machine for beginners cause it covers the basics for Linux privilege escalation, but it's only easy if you've done something similar to it before.

    Hack The Box
    Always do whatever is next.

  • Managed to get user after modifying my google search per some suggestions. Funny how it was staring me in the face and needed some prodding. Root on the other hand is escaping me atm. I'm pretty new to this and know the command I need to run but after reading of the docs for it I am having trouble getting root. If anyone can DM me a nudge it would be greatly appreciated. I know it also staring me in the face but I don't see it.

  • Any help for Foothold? Been trying for a couple of hours to no avail.

  • Thank you for the box MrKN16H.
    Foothold/User: I hate to repeat what everyone else has said here but it really is as simple as identifying the abnormal version of something and doing a bunch of research. Once you find the door some nice people made it really easy for you. And yes I believe them to be Chinese.
    Root: Read the large help file. Once you see the command you can use, make sure you keep in mind the language it is written in.
    PM me fore nudges if you'd like.

    b0ssk

  • Spoiler Removed

  • Finally rooting I was blocked for the foothold because my google skill is lousy.
    Root is very easy
    PM for help

    SpawnZii

  • Type your comment> @Err0rBladE said:

    Spoiler Removed

    Spot on.
    Foalma321

  • Easy but nice box:) Here are some hints :smile:

    -Foothold : look at http headers, maybe a vulnerable service is present ?

    -Privesc : the easiest part, just look at what this tool can do.

  • Rooted, the foothold was the hardest part, PM for help

  • Happy to see a box rated as 'Easy' actually living up to it's grade.
    Foothold was new to me, so glad to have that in my future toolbox. Thanks!

    Red Team

  • edited May 24

    Unable to start machine!~ everytime showing an error occurred.

  • Need help with root part, i think i missed something, but need help

    If i helped you, i would like to receive a respect
    Hack The Box

  • Got root this morning. I was way overthinking it. Depending on how far you are into this fun I suggest not overthinking it. Read the docs on what you learn you can do. Memory is still fresh and in hind sight I went down rabbit holes that didn't need going down. If you need a nudge PM.

  • Anybody have issues using s**? I chmod'd the file as per usual but no luck.

  • I tried the s** route as well and gave up pretty quickly. Found while it would be nice and stable didn't need it.

  • Wow, that was easier than I anticipated. User took me 30mins but root was a little trickier. Overall
    1. Foothold -> enumerate machine and all services running – google it!
    2. User -> with foothold You have everything You need.
    3. Root -> try basic privesc to find something “edgy”

    Thanks’ for the box MrKN16H
    Feel free to PM me for nudges!

  • Rooted nice little box.

    Foothold/User: check everything don't leave any stone unturned. Eventually you'll find the crack in the system
    Root: basic enumeration

    Thanks for the box!

    alemusix

  • Type your comment> @decrypto said:

    I tried the s** route as well and gave up pretty quickly. Found while it would be nice and stable didn't need it.

    Yeah now I'm reading up on the food making process, I've narrowed it down, I think I'm close.

  • Finally gain root access !!!
    All the hints are already given in this forum... But if you are stuck, feel free to PM me, I will help you with pleasure without spoiling...

  • Rooted!

    uid=0(root) gid=0(root) groups=0(root) [email protected] #

    Overall a very very beginner friendly box - which I think is why the ratings are the way they are. Could the foothold have been more difficult? For sure.

    User

    I got a little lost in bad habits from prior boxes. Once I reached a dead end I had to go back to the drawing board after which finding the vulnerable piece of the puzzle and your key is not hard at all.

    number one tip is to make sure to consider all layers of the attack surface.

    Root

    Your nose should pick up a scent after some very very basic enumeration within your user shell. Either manual or automated testing will lead you to something that can be used to your advantage,

    Google + documentation reading is your friend here. Think of what will benefit you the most and figure out how to (ab)use it. Hint: a full TTY is handy here.

    Feel free to P.M. for nudges! GL :)

    Unix fanboy
    Website: 0xAsh.io
    Ashh

  • Hi all .
    I am a noob and this is my first box.

    I did nmap and nikto scans, but i am unable to move forward anywhere. Any hint would be helpful.

  • This is really an easy machine, rooted in around 30 minutes. PM me if anyone need a nudge.

  • edited May 25

    Hi,

    is it normal that all ports appear to be filtered on this one? I tried all my firewall bypassing techniques, tried different scanners, still no luck. Quick feedback would be nice! :) EDIT: I'm unable to ping the target, but this could simply mean it does not respond to icmp requests, hence firewall.
    EDIT2: nevermind, did not notice that I had to change VPN servers to release arena^^

    dombg

  • The foothold was so simple that it made me self doubt my skills

  • Rooted, thanks @XMallory and @c4r50nz for some nudges...foothold is a bit hard but root is straight foward just read the manual and a bit of googling to create the payload

  • Nice enjoyable box. it should just be all enumeration and reading documentation.

    I hacked something that worked enough for me to get root, but I'm sure there's a more elegant way, but my way worked enough

    Parttimesecguy

  • I ned help to privesc please

    Hack The Box

  • Type your comment> @Aquilino said:

    I ned help to privesc please

    rooted thanks @busshi for help me

    We are connected!
    id;hostname
    uid=0(root) gid=0(root) groups=0(root)
    knife

    Hack The Box

Sign In to comment.