I was in the same point, I had no clue where to go next, so I quit
Edit: There is an unintended way in the machine, and I see I can do something, but I guess it was the unintented path, not sure thou
I was in the same point, I had no clue where to go next, so I quit
Edit: There is an unintended way in the machine, and I see I can do something, but I guess it was the unintented path, not sure thou
I thought I found an unintended path related to common exploits for a privilege using a popular root vegetable. However, I got nowhere and I think the unintended routes have been patched.
Sadly I am left with no idea how to progress this beyond a low priv shell! I’ve given up on it for a while to see if something makes my brain work better soon!
Pretty much at same point as everyone else, managed to get root flag using unintended path before it was patched but couldnt get user flag using same method. If the veg path is also patched have no ides where to go now.
![Foalma321] (https://www.hackthebox.eu/badge/image/74636)
I was in the same point, I had no clue where to go next, so I quit
Edit: There is an unintended way in the machine, and I see I can do something, but I guess it was the unintented path, not sure thou
I thought I found an unintended path related to common exploits for a privilege using a popular root vegetable. However, I got nowhere and I think the unintended routes have been patched.
Sadly I am left with no idea how to progress this beyond a low priv shell! I’ve given up on it for a while to see if something makes my brain work better soon!
No, I never got any further inspiration and then haven’t had time to get back on the boxes. Maybe in a week or so - but still no idea how to actually do it.
Eventually got root. I was stuck for a while like everyone else trying things with the veggies collection but that’s dead end afaik. All the hardening on the box is there for a reason: preventing such quick and easy path.
It’s difficult when being apparently this close from the crown jowels but here there’s no choice but to take a step back and think of another path.
When the veggy won’t work, try the good’old doggy
amazing box, difficult in the sense there are a lot of steps but there’s no ctfish trick, everything makes sense.
Mad respect to @camk and @dombg for their suggestions and tips. Anyone doing this now don’t waste time trying to break out of ur restrictive shells with ssh or reverse shells. Just look for ways to execute commands as the intended user.
> @angryb1rd said: > Hi guys! A small question - on one of the steps after “doggies” there is a need for reverse engineering again?? it doesn’t matter, solved this part already!
Downloaded the obvious files from **p and they tell you what kind of attack you’re meant to do but I can’t find any info on performing that attack against any of the available services.
Got the machine name and domain name from L*** but other than that I can’t get any info about potential usernames or anything that I could use to brute force any services with.
I know its rated as insane difficulty and tbh I’m not expecting to complete the whole thing but I feel like I’m missing something obvious here for the foothold. Everyone else is talking about RE and I’ve got nothing I could even do that with. Anyone care to give me a nudge in the right direction (no big spoilers though please) ?
After trying hard and watching 3 videos writeup and reading 4 different writeup, just taking notes from what I learnt on this one took me more than 10 hours I’d say.
Long story short, I know it’s the best box I’ve been through in here so far; so many thanks to @CyberVaca and @3v4Si0N → your box is awesome!
Now that I have the solution ; I’ll try to do it on my own without looking at my notes
EDIT: ROOTED! so I did it, all alone… after having watched the solution ok… but still Took me 5 hours non stop!