Dev0ops hints

@Narmu you need to log in to the machine to find a way to privesc. Reverse shell is a good idea :slight_smile:

Oups, sorry for spoilers, first time i post on the forum, will not happen again !

I just canā€™t find a working exploit for thix box. :frowning:

Iā€™m not that old on htb but iā€™ve root few boxes and nerve use kernel exploit, priv esc are not just using a kernel exploit ā€¦ Think about it :slight_smile:

@Didakt said:
Spoiler Removed - Arrexel

Any tips here ?
Thanks !

well I am s> @lokori said:

This is not strictly a hint, but the machine was designed to not require arbitrary guessing or finding the right wordlists because I donā€™t really like that kind of hacking :slight_smile: So the hints are not hidden, they are there. I hope you like it.

Okay this is little misleading or at-least was for me [not require arbitrary guessing or finding the right wordlists] you still have to do it; do your basic enumeration steps and later comes the part where you can be creative. @lokori It indeed is a good machine :slight_smile:

@ph3on1x :slight_smile: yes, you have to think analytically though you donā€™t need to make an arbitrary guess out of nowhere :slight_smile: or bruteforce with wordlists.

Iā€™m struggling to get the initial part done. Going to come back to it later with a fresh mind.

@lokori nice box. Alot of similarities to others but allows you to continue fine tuning those methods of exploitation. Once on and some additional reading on the technology I was surprised with what I found.

@lokori Well done dude, I enjoyed that box.

@genxweb similarities to one other machine were totally coincidental. That machine hadnā€™t been released when I submitted this :slight_smile:

Anyone in priv ESC plzz , I ve read a lot but canā€™t get the right way

Rooted !
Very cool box, thanks to the creator :slight_smile:

And the first hint some one gave for priv esc was just perfect :

ā€œFar far ago, there was a man that could view back into the past, and see alternated versions of realities , how did he do that mate?ā€

Think about it !

Thanks for the box

@Didakt I donā€˜t get it. :frowning:

Its an intentionally easy box, you guys just need to observe the files and see what path you can go down. Doesnā€™t even need much enumeration lol

@Didakt Thatā€™s a great tip. @Fluxx79 that and the name of the box are two big clues. Donā€™t focus on enum scripts for this box, I donā€™t know if they would help, but they definitely arenā€™t necessary.

Really Struggling with this box, been trying to upload all sorts, any hints would be appreciated - Just getting Internal Server Error

Such a good box! Relatively new to this but so far thatā€™s the best one so far, top job @lokori
For priv the hint given earlier is spot on!!

@Fluxx79 said:
I just canā€™t find a working exploit for thix box. :frowning:

If you cannot find a working exploit then maybe there is a flaw by the user? You might want to check that out.

I am stuck after enumerating and gotten 2 service. Try to browse 1 of the service but couldnt find anything that is useful for me to continue. Seems like I am missing a page to work on. Anyone can PM ?

@yyhh01 said:
I am stuck after enumerating and gotten 2 service. Try to browse 1 of the service but couldnt find anything that is useful for me to continue. Seems like I am missing a page to work on. Anyone can PM ?

You might wanna om about the service :smiley: