OpenAdmin

@Raccooninja said:

can ssh in as j***y, found that dir, curl gives a key, not sure what to do from here. any nudge will be welcome

Well, take the scroll to a wizard whose name starts with j. He may be able to help you, but you might need to modify the scroll so he can understand it. And remember, the scroll is the KEY

@freer33l said:
I got the initial foothold but I’ve been stuck for a while now. I got a shell as www-data but I’m not sure what to do next. I’ve been looking through the config files and whatever else I can access. Could anyone send me a message with a nudge? Thanks

Remember, the few magic spells you can cast from there are your friends. Look for old books or scrolls, who knows, maybe the magic words within them have mistakenly been used again…

Spoiler Removed

I have the final user ja password and I cannot login when I am trying ja@10.10.10.171
it tells me permission denied, please try again. Can you please give me a pm or a little hint on how to pass?

@Nighth4wk said:

I have the final user ja password and I cannot login when I am trying ja@10.10.10.171
it tells me permission denied, please try again. Can you please give me a pm or a little hint on how to pass?

You don’t have a password to log in. Think about what you have and how you should use it.

woot rooted. took me way too long to figure out such a simple thing lol.

@Nighth4wk said:

I have the final user ja password and I cannot login when I am trying ja@10.10.10.171
it tells me permission denied, please try again. Can you please give me a pm or a little hint on how to pass?

It was the same problem I had, because I didn’t think about it. You need the password… but after the key. Use the key, then everything will be clear to you. Use only the key.

guys, I’m having difficulties with my friend john, can someone pm me?

Took me 3 days, but with some help, I finally rooted my first box. So much fun, I learned so much, and I made notes of every step, just bc there was so much to learn for me.
Learned a LOT about the importance of understanding enumeration, learned a bit about webservers, learned a little about RSA, and pretty sure I had an aneurysm over trying to stay connected ■■■■. And that rooting was way easier than I expected after gaining that initial foothold.
If someone needs a nudge, let me know. I’d like to pay forward the help I received from here.

ROOTED!

Another great Linux box, nice and challenging. I wrote just a couple of hints:

  1. Foothold: basic enum, identify a service and then Google it
  2. User(s): Once you get in there is an interesting config file nearby that will give you access to the first user. Going from the first user to the second is the trickiest part, but with more enumeration you can easily discover which is the service to exploit.
  3. Root: it took about 3 minutes to…GTFO

These are the tools I used to root the box: nmap, dirb/gobuster, Google, curl, ssh2john and john. I hope this doesn’t spoil too much, otherwise feel free to remove the comment.

PM me for hints if you want!

Rooted! User flag wasn’t that easy for me - had to think out of the box a bit there - remember that you don’t have to follow the rules if you have access

I’m stuck at the www-data shell. I’ve tried ls and cat and everything but I can’t find anything of interest (except passwd file).

I’ve been trying to cd to different directories in the www-data shell, but whenever I pwd, it always prints the same directory /opt/ona/www. Is this supposed to happen?

Help please! Been stuck here for 4 hours

@deetee1 said:

I’m stuck at the www-data shell. I’ve tried ls and cat and everything but I can’t find anything of interest (except passwd file).

I’ve been trying to cd to different directories in the www-data shell, but whenever I pwd, it always prints the same directory /opt/ona/www. Is this supposed to happen?

Help please! Been stuck here for 4 hours

Remember that you can cat full directory paths, i.e. dir1/dir2/file. If I was on a www shell, I might try to look for some config files to see if there was anything of interest in them.

Hello guys, I have a problem. I have cracked the password of j***a but when I try to connect via ssh I can’t connect with that password. PS. I know that’s the correct password cause when I put it in the file with the private key it accepts it.
Any help?

Hello everyone. I just rooted OpenAdmin yesterday and these are my suggestions…
It’s an easy… All you need to do is a very advanced enumeration, but don’t waste your time searching through the amount of files and directories… Once you get the shell and own user it will be a very easy task! Try harder!!!

@deetee1 said:

I’m stuck at the www-data shell. I’ve tried ls and cat and everything but I can’t find anything of interest (except passwd file).

Finding the user accounts is a useful thing.

I’ve been trying to cd to different directories in the www-data shell, but whenever I pwd, it always prints the same directory /opt/ona/www. Is this supposed to happen?

Yes, this is exactly what should happen if you are using a remote code execution (RCE) exploit. Every time you issue a command it is a new exploit. This is not a shell, so you can’t change directory.

But there is literally no reason to change directory.

Running: cd /tmp then ls is identical to running ls /tmp

Running cd /tmp then ls then cat interesting.file is identical to running cat /tmp/interesting.file.

Help please! Been stuck here for 4 hours

Look at the interesting files around where you have landed.

@sentinel1010 said:

Hello guys, I have a problem. I have cracked the password of j***a but when I try to connect via ssh I can’t connect with that password. PS. I know that’s the correct password cause when I put it in the file with the private key it accepts it.
Any help?

You could read back through the dozens of other times people have asked this question. For example, this is a mere 7 posts before yours: OpenAdmin - #1332 by uncuscino - Machines - Hack The Box :: Forums

Alternatively, you could re-read what you’ve put because you have actually answered your own question.

You don’t have a password to log in, so don’t try to log in with the password.

@TazWake said:

@deetee1 said:

I’m stuck at the www-data shell. I’ve tried ls and cat and everything but I can’t find anything of interest (except passwd file).

Finding the user accounts is a useful thing.

I’ve been trying to cd to different directories in the www-data shell, but whenever I pwd, it always prints the same directory /opt/ona/www. Is this supposed to happen?

Yes, this is exactly what should happen if you are using a remote code execution (RCE) exploit. Every time you issue a command it is a new exploit. This is not a shell, so you can’t change directory.

But there is literally no reason to change directory.

Running: cd /tmp then ls is identical to running ls /tmp

Running cd /tmp then ls then cat interesting.file is identical to running cat /tmp/interesting.file.

Help please! Been stuck here for 4 hours

Look at the interesting files around where you have landed.

thank you for your explanation on the RCE!
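
The behaviour explained in the reply quoted above (each command runs as its own process, so a `cd` never carries over), shown as an added example that is not part of the thread. `WEBROOT`, `OTHER`, `run_request` and the sample file are constructed stand-ins, not paths or code from the box.

```shell
#!/bin/sh
# Constructed demo of stateless command execution: every "request" runs one
# command string in a brand-new process, so shell state (the working
# directory) is gone as soon as that command returns.

# Assumed stand-ins, not paths from the thread:
WEBROOT=$(cd "$(mktemp -d)" && pwd -P)   # where the handler always starts
OTHER=$(cd "$(mktemp -d)" && pwd -P)     # a directory we try to "cd" into
echo 'constructed sample' > "$OTHER/interesting.file"
trap 'rm -rf "$WEBROOT" "$OTHER"' EXIT   # remove the temp dirs on exit

# Hypothetical handler: fresh process per call, always starting in WEBROOT.
run_request() {
    ( cd "$WEBROOT" && sh -c "$1" )
}

# Two separate requests: the cd in the first is lost before the second runs.
separate_requests() {
    run_request "cd '$OTHER'" >/dev/null
    run_request 'pwd'
}

# One request, commands chained: cd and pwd share a single process.
chained_request() {
    run_request "cd '$OTHER' && pwd"
}

# Full path in a single request: no directory change needed at all.
full_path_read() {
    run_request "cat '$OTHER/interesting.file'"
}

echo "separate requests -> $(separate_requests)"
echo "chained request   -> $(chained_request)"
echo "full path read    -> $(full_path_read)"
```

For a defender, the same property means every command issued this way arrives as its own request and can be reviewed one by one in the web server's access log.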

Anyone here for a small nudge?

Can anyone help me?
I’m trying to own root but I’ve never dealt with GTFO’s before

Does anyone have an example or some reading you’d recommend?