Official Armageddon Discussion

Jier · May 4, 2021, 10:40pm

Hey all,

I’m like 99% into getting root, i just need some help with the very last part of the privesc. I understand the parts but i do not understand the tools or the related exploit code enough to know exactly what to do next. I’ve tried googling around but I’m not really sure what to look for. I can list off what i’ve tried in a PM if anyone is around.

Jier · May 5, 2021, 1:06am

Update: I was able to figure root out on my own by going back to a certain blog post by someone who discovered a relevant exploit. Lists exactly how he CRAFTED it and our user has a specific ability we can use. My suggestion is to read this block post top to bottom, then look at the source code to see what it is trying to do.

Notice, this exploit is failing because the /exploit/ itself is blocked, but because of the special permissions our user has we may just have what we need to circumvent the exploit and do waht the exploit intended anyways.

I’m glad i dug deep into this and figured it out on my own, very rewarding.

Sosh0ck · May 5, 2021, 11:25am

Don’t forget to reset your machine, it was help me with root

kaustuvP · May 5, 2021, 11:40am

Spoiler Removed

kaustuvP · May 6, 2021, 6:09am

Spoiler Removed

Hazard · May 6, 2021, 3:31pm

This box took me a lot of time. Most of that time was spent looking for the initial user creds after getting the foothold (since I wanted to avoid brute forcing). ParrotOS also slowed me down a bit on the priv esc. Overall, the technical difficulty is low for this box, but it can still take some time to find what you need. PM for a nudge if you need it.

flymomike · May 6, 2021, 10:28pm

Enjoyed this box, got the link between the name of the box and the exploit very quickly. Getting a stable shell was annoying so took a while to get the password from its storage spot. Root was fun, after I read the blog post, I knew which part of it I needed just took a little bit of working out how to craft the payload so the install didn’t hang on target.

Onibi · May 8, 2021, 1:17am

I really liked this box. It is quite easy to find the basic user. But as far as root is concerned, it is much more complicated, I have to do a lot of research. I’m still quite a beginner. I should advance in my learning before tackling the boxes. But hey, this one is very fun.

cstewart · May 8, 2021, 4:19pm

Really cool box, relatively straight forward. The name of the box is a pretty good hint for the initial access, and for root you need to GTFO and look online for it

stbl · May 9, 2021, 9:45pm

Pretty straightforward. Lost most of my time trying to get a real tty post-exploit, but ended up giving up. Closest I got was the error “out of pty devices”.

Anyone managed to get a shell as a****e?

N0ir · May 10, 2021, 9:46am

Hello, could someone DM me to give me some nudge? I have the shell active, I have the ml creds and b********** username (not the pwd yet)
I can’t connect to the m***l, it gives me an error that I’m not able to pass.
Thanks

N0ir · May 10, 2021, 11:15am

Type your comment> @N0ir said:

Hello, could someone DM me to give me some nudge? I have the shell active, I have the ml creds and b********** username (not the pwd yet)
I can’t connect to the m***l, it gives me an error that I’m not able to pass.
Thanks

Nevermind! Rooted

al3ksec · May 12, 2021, 10:35pm

I spent half day trying to work around crafting my own payload for obtaining root… And you know what? I had correctly crafted payload at the beginning but it didn’t work so I assumed it is wrong when it wasn’t!
So from above my most critical nudge is - make sure box is fresh (rebooted) before trying to execute your root payload ! Or check s*** ch***** log to see if someone before you already tried to load something wrong (which I guess is either breaking s*** or keep it hanging) - if so reboot the box; if log is empty then work away.

User was pretty easy, just keep in mind how normally CMSs are being setup/configured and so you know where to look for the user.

Root was pretty obvious after getting user and few minutes of research in google…

pm me if need hints.

neuroplastic · May 16, 2021, 6:54am

hopefully not a spoiler but if you get the “Native builds aren’t supported” error there is a good youtube video from 2017 that will help build with containers

Element92 · May 16, 2021, 11:49am

got root …
Very interesting box, specially the post exploitation part.

User: Easy; if you find what component need to get exploited

Root: Medium; Straight forward but you need to work on to get what you need !

PM me for nudges !

m4k4r4 · May 16, 2021, 4:02pm

stuck at getting root user

AstheticPotato · May 17, 2021, 2:51am

Finally rooted my first box on HTB.

Foothold: Do some enumeration and find out what is being used in order to help you find what is vulnerable

User: Do some digging around. Look at what the website is being run by and how it saves information and find the source to your problem

root: What are your options? What can you do with your options? Do your options work? If not, how are you able to fix it? Sometimes it might require to think outside the box and maybe craft your own.

PM me for assitance

letourneaualex · May 17, 2021, 7:01pm

I thought I saw a way to root the box on GTFObins using fpm to simplify the crafting process but I get an error "error: cannot perform the following tasks:…’ , should it work or I really have craft the whole thing from scratch?

XMallory · May 18, 2021, 6:33am

let me know if you need any hints
i wont tell you the whole key
ill give you only hints no spoilers

vladimirfp · May 18, 2021, 3:48pm

got root