@Narmu you need to log in to the machine to find a way to privesc. Reverse shell is a good idea
Oups, sorry for spoilers, first time i post on the forum, will not happen again !
I just canāt find a working exploit for thix box.
Iām not that old on htb but iāve root few boxes and nerve use kernel exploit, priv esc are not just using a kernel exploit ā¦ Think about it
@Didakt said:
Spoiler Removed - ArrexelAny tips here ?
Thanks !
well I am s> @lokori said:
This is not strictly a hint, but the machine was designed to not require arbitrary guessing or finding the right wordlists because I donāt really like that kind of hacking So the hints are not hidden, they are there. I hope you like it.
Okay this is little misleading or at-least was for me [not require arbitrary guessing or finding the right wordlists
] you still have to do it; do your basic enumeration steps and later comes the part where you can be creative. @lokori It indeed is a good machine
@ph3on1x yes, you have to think analytically though you donāt need to make an arbitrary guess out of nowhere or bruteforce with wordlists.
Iām struggling to get the initial part done. Going to come back to it later with a fresh mind.
@lokori nice box. Alot of similarities to others but allows you to continue fine tuning those methods of exploitation. Once on and some additional reading on the technology I was surprised with what I found.
@genxweb similarities to one other machine were totally coincidental. That machine hadnāt been released when I submitted this
Anyone in priv ESC plzz , I ve read a lot but canāt get the right way
Rooted !
Very cool box, thanks to the creator
And the first hint some one gave for priv esc was just perfect :
āFar far ago, there was a man that could view back into the past, and see alternated versions of realities , how did he do that mate?ā
Think about it !
Thanks for the box
@Didakt I donāt get it.
Its an intentionally easy box, you guys just need to observe the files and see what path you can go down. Doesnāt even need much enumeration lol
@Didakt Thatās a great tip. @Fluxx79 that and the name of the box are two big clues. Donāt focus on enum scripts for this box, I donāt know if they would help, but they definitely arenāt necessary.
Really Struggling with this box, been trying to upload all sorts, any hints would be appreciated - Just getting Internal Server Error
Such a good box! Relatively new to this but so far thatās the best one so far, top job @lokori
For priv the hint given earlier is spot on!!
@Fluxx79 said:
I just canāt find a working exploit for thix box.
If you cannot find a working exploit then maybe there is a flaw by the user? You might want to check that out.
I am stuck after enumerating and gotten 2 service. Try to browse 1 of the service but couldnt find anything that is useful for me to continue. Seems like I am missing a page to work on. Anyone can PM ?
@yyhh01 said:
I am stuck after enumerating and gotten 2 service. Try to browse 1 of the service but couldnt find anything that is useful for me to continue. Seems like I am missing a page to work on. Anyone can PM ?
You might wanna om about the service