Irked

debeMechero · December 12, 2018, 3:32pm

finally got root!

lukastu · December 12, 2018, 9:32pm

Huge thanks to @Baikuya - in the end root is easy… once you know how to get it. Learned a lot digging around.

brohlm · December 13, 2018, 12:23am

Huge thanks for all. Finally, I got shell and root.
I learned a lot with the box, like fundamentals for enumeration and many other things for initial study.

noobsaibot81 · December 13, 2018, 1:35pm

Hello

friends someone can give me a clue as to what bin it takes to climb privilege.

Salu2

myNameIsRay · December 13, 2018, 3:16pm

Thanks AzAxIal, root was driving me nuts.

B34N13 · December 13, 2018, 8:01pm

Been spending hours on Privesc. Can anyone please PM for help? I’m tracking “enumerate” (duh, always the answer, doesn’t help) and there’s a unique bin. Tried some stuff but nothings been working (least I’ve learned a ton!). Thanks!!

B34N13 · December 14, 2018, 6:03am

Came back to this and finally rooted!!! Definitely had to live by the motto Try Harder. PM for help. I was getting so frustrated and spent a TON of time on PrivEsc, but finally getting it feels amazing.

Biggest tip that helped me that I think will help others – when you look something up, include the full path and if you can’t get any search results that make sense for a Linux system, that might be something to explore.

Tim0x01 · December 14, 2018, 7:11am

Privesc is totally flying over my head. I’ve viewed an unusual bin that seems to take input from a file we can tmper with. Various things that seem sensible to put in that file all result in errors. I’d be interested to hear how people worked out the correct way to use it.

dplastico · December 14, 2018, 6:14pm

hello! Im new in HTB just start this machione and got a low priv shell… a question the flags are located always in a specific folder “oscp” like? Or are they anywhere on the box? Thanks!

gm0 · December 14, 2018, 6:34pm

Got the root flag at last!

Most of this was pretty straight forward and a useful exercise in going over things I had not done for a while.

The process you need to follow to get the root flag IMHO is pretty daft, in some ways too simple and a little unrealistic but it is what it is and i’m grateful for the experience and to @MrAgent for making the box.

MrAgent · December 14, 2018, 6:51pm

Glad you liked the box. I actually did see something like this on an engagement not too long ago.

masterrabbit · December 14, 2018, 8:33pm

This box seems so unstable…

Whilst I wait, any tips on where or what the .b***** is!? I see this threat is very helpful but no idea.

Am I looking at the files presented in my initial shell?..

Please PM if happy to help a newbie hacker…

TheEld3r · December 15, 2018, 2:12am

I need some help for the final piece. New to linux, so not sure what to look for. Followed all enumeration tips, but don’t really know what looks odd… All of Linux looks odd to me.

crstice3 · December 15, 2018, 5:48am

So, this box is my first live box and only my second box total. Its pretty clear to me that a mentor would be beneficial haha. Anyone able to give me something to read on or study to help me learn how to get root on this box?? Thanks in advance!

crew · December 15, 2018, 9:26am

@crstice3 said:
So, this box is my first live box and only my second box total. Its pretty clear to me that a mentor would be beneficial haha. Anyone able to give me something to read on or study to help me learn how to get root on this box?? Thanks in advance!

Ranger11danger · December 15, 2018, 8:06pm

was able to get a low level shell but am having a hard time getting user, i can see the user.txt but cant access it, I’ve tried several Enum scripts and found a SUID command that looks interesting but don’t know if i am just going down a rabbit hole. Any PM to just let me know if I’m headed in the right direction would be greatly appreciated

3mrgnc3 · December 15, 2018, 10:02pm

@ChaDDeRs said:

@TheMightyQuinn said:
Hey, so I just joined HTB a couple of days ago, and based off community ratings, this seems like it’s supposed to be an easy box. Maybe it’s just that I personally have basically zero experience with CTF-type challenges, but I just can’t seem to get anywhere. I’m seeing a lot of hints about what to do once you have a reverse shell, but I can’t even get that far. I admit it is quite possible that HackTheBox is just currently above my skill level, but if that’s the case, where might I go to get more beginner experience?

Honestly, VIP on here is really good because you get to practice on the retired boxes and they have writeups, you can follow along and get an idea of the methodology used.

Watch IppSec on youtube and of course google the gaps in your knowledge.

sanre · December 16, 2018, 3:42pm

Rooted. There seems to be multiple attack vectors for root. If you had any cool methods, please PM!

masterrabbit · December 16, 2018, 5:44pm

Using a tool like opst* on the obvious image, but does not like the passwd found in the b*****p file…

What am I doing wrong?

UPDATE: GOT IT! Needed to use a different tool. Now onto root! (reading back over all posts in here!!)

zz123 · December 16, 2018, 7:27pm

Finally completed the machine if have any query feel free to ask.