Official pivotapi Discussion

Type your comment> @f1rstr3am said:

When you finally stumble out of that strange RE experience, you guess your way to RCE and realise you are still in prison…

In the same position now. Using RCE to slowly look around, but the environment seems very restricted.

I was in the same point, I had no clue where to go next, so I quit
Edit: There is an unintended way in the machine, and I see I can do something, but I guess it was the unintented path, not sure thou

@kabutor said:

I was in the same point, I had no clue where to go next, so I quit
Edit: There is an unintended way in the machine, and I see I can do something, but I guess it was the unintented path, not sure thou

I thought I found an unintended path related to common exploits for a privilege using a popular root vegetable. However, I got nowhere and I think the unintended routes have been patched.

Sadly I am left with no idea how to progress this beyond a low priv shell! I’ve given up on it for a while to see if something makes my brain work better soon!

Pretty much at same point as everyone else, managed to get root flag using unintended path before it was patched but couldnt get user flag using same method. If the veg path is also patched have no ides where to go now.
![Foalma321] (https://www.hackthebox.eu/badge/image/74636)

Did anyone manage to root with veg path? Tried R***e veg but nothing so far.

Type your comment> @TazWake said:

@kabutor said:

I was in the same point, I had no clue where to go next, so I quit
Edit: There is an unintended way in the machine, and I see I can do something, but I guess it was the unintented path, not sure thou

I thought I found an unintended path related to common exploits for a privilege using a popular root vegetable. However, I got nowhere and I think the unintended routes have been patched.

Sadly I am left with no idea how to progress this beyond a low priv shell! I’ve given up on it for a while to see if something makes my brain work better soon!

Did you get anywhere?

@byt3punisher said:

Did you get anywhere?

No, I never got any further inspiration and then haven’t had time to get back on the boxes. Maybe in a week or so - but still no idea how to actually do it.

Eventually got root. I was stuck for a while like everyone else trying things with the veggies collection but that’s dead end afaik. All the hardening on the box is there for a reason: preventing such quick and easy path.

It’s difficult when being apparently this close from the crown jowels but here there’s no choice but to take a step back and think of another path.

When the veggy won’t work, try the good’old doggy :wink:

amazing box, difficult in the sense there are a lot of steps but there’s no ctfish trick, everything makes sense.

Finally managed to move forward from the restricted environment, and got the user flag :slight_smile:

EDIT: Got root. The hint from @mfidel about dogs is a good one. Lots of steps from user to root, but the path is fairly clear.

Thanks @CyberVaca and @3v4Si0N for an excellent box!

Got user thanks to @mfidel @camk @davad now onto root with the dog!

Nice work @byt3punisher Release the dogs!

Finally got root. Very fun box, really enjoyed it! :slight_smile: Required a couple of hints and tooling advice on this one… I have learned a lot.

Happy to help, if anyone needs a nudge.

Mad respect to @camk and @dombg for their suggestions and tips. Anyone doing this now don’t waste time trying to break out of ur restrictive shells with ssh or reverse shells. Just look for ways to execute commands as the intended user.

Hi guys! A small question - on one of the steps after “doggies” there is a need for reverse engineering again??

> @angryb1rd said: > Hi guys! A small question - on one of the steps after “doggies” there is a need for reverse engineering again?? it doesn’t matter, solved this part already!

Hi guys ! Got user after more than two months of suffering.
Thanks again @camk for his help.

Thanks @dombg

Hello guys!
I released the dogs and managed to change the dr pass. , although I found the operators but i cant abuse the ACL…

Any hints please :smiley:

I can’t even get started with this :sweat_smile:

Downloaded the obvious files from **p and they tell you what kind of attack you’re meant to do but I can’t find any info on performing that attack against any of the available services.

Got the machine name and domain name from L*** but other than that I can’t get any info about potential usernames or anything that I could use to brute force any services with.

I know its rated as insane difficulty and tbh I’m not expecting to complete the whole thing but I feel like I’m missing something obvious here for the foothold. Everyone else is talking about RE and I’ve got nothing I could even do that with. Anyone care to give me a nudge in the right direction (no big spoilers though please) ?

Hm, ok. So I could not crack that one open !

After trying hard and watching 3 videos writeup and reading 4 different writeup, just taking notes from what I learnt on this one took me more than 10 hours I’d say.

Long story short, I know it’s the best box I’ve been through in here so far; so many thanks to @CyberVaca and @3v4Si0N → your box is awesome!

Now that I have the solution ; I’ll try to do it on my own without looking at my notes :wink:

EDIT: ROOTED! so I did it, all alone… after having watched the solution ok… but still :wink: Took me 5 hours non stop!

Thanks again, I really liked that one !

2 Likes