Registry

seke · December 24, 2019, 10:36am

Someone please help with the webshell for second user, can’t make anything run and can’t change extension.

STY · December 26, 2019, 7:21am

Ohhhh this box! Although fantastic, I’m stuck at the final part - so close… Got a shell as that last w**-**** user, found some r***** command I can run privileged. Can use that service on any file I want, but can’t read it or use it at all. Someone DM for a nudge? Felt like I’ve read the whole manual and GitHub pages for r***** atm

pr0mming · December 26, 2019, 11:15pm

Another interesting @thek machine.

At first the escalation was similar to the privesc of OneTwoSeven machine but it is much simpler, the key is to know how to use the client and the server of that technology in the machine.

P.S: I never got a shell with the second user, I don’t know if it’s possible but all the commands can be done from a simple WebShell (in another location).

3zculprit · December 27, 2019, 12:03am

gaining root on this machine reminded of me a very recent project I was working on. Cool way to route the traffic.

Fr0sty9 · December 27, 2019, 1:49am

■■■■, that was a difficult box. My first hard one, and it’s not even supposed to be that hard for HTB standard. Definitely a bit more than I could chew. So glad I didn’t give up. I gotta pay it forward though; dm if you are stuck.

STY · December 27, 2019, 4:51pm

Oke, got it! Finally rooted this box. Took me more hours than most but learned a lot.

CzaryMary · December 27, 2019, 7:11pm

hello, I need a hint for escalation to 2nd user

m9rcin · December 27, 2019, 8:29pm

Just completed. Another very nice machine. Be very accurate in your enumeration, especially when it comes to escalation of privileges. Otherwise you will stuck for hours.
Enough hints on forum to root this machine, so I’m not going to add anything extra.
Extra bonus is learning a new tool which at least I was not familiar with.
Have as much fun as me rooting this box !!! -

dheqendekreqer · December 28, 2019, 6:18am

Wow, finally got root. Took me ages to get to user2. It’s ridiculous once you see it. Getting to root was a breeze. Great box, lots of fun, really challenging. If anyone needs help, let me know.

SohaibSEG · December 28, 2019, 8:50am

anyone managed to get a shell working on that www ?
i am lost with priv escalation…
edit :
if you cant get it working here … it will work 2 miles back and in the other direction

nirodha42 · December 28, 2019, 3:13pm

I’m so stuck on this initial foothold.
I’ve found the d***** and b*** areas. I’ve found the c** file. I’ve read the docs four seperate times. I’ve tried every basic auth combo I can think of and a few wordlists on both areas.
What tf have I missed?

kaelmnop · December 28, 2019, 7:48pm

nvm

SohaibSEG · December 28, 2019, 8:38pm

rooted
finally <3
thank to @Fr0sty9

emilkloeden · December 28, 2019, 11:50pm

After ~2 weeks, finally I rooted this box. Thanks to @0X44696F21 and especially @STY for the patient guidance.

Time to pay it forward, send me a msg in the forums if you’re stuck.

NoWay1911 · December 29, 2019, 6:50am

rooted without getting a full root shell… if anyone could PM me about it, would appreciate.

good box but kind of frustrating. was blocking outbound traffic and removing rename/delete/… functions from B**t C*S really necessary ?

Anyway… learned a lot about the container software and backups thanks!

walsda · December 30, 2019, 7:41pm

I’ve been trying to get onto 2nd user for days…anyone online who can give me a nudge to get webshell up?

EDIT: Got the nudge i needed… thank you CM!

Zer0xdz · January 1, 2020, 9:23am

Rooted, I remembered as I root the Craft box, same style of root by reading document LOL, but this box is much harder.

User: Check HTTP header and google you will find something. Download all files you will see and look harder.

Root: You will go checking that directory and you will find something. Try switch to second user from what you got (a little bit tricky and you have to be fast). After get shell as second user, you should see something and time to read document LOL.

PM if you got stuck (here or better Telegram @Zer0xdz), because it is the first hard box for me too

Payas0 · January 2, 2020, 6:11pm

Rooted this almost 3 weeks ago. Thanks for all your help. need a good enumeration to get the user. root is very hard because of that task script lol.

chvancooten · January 2, 2020, 11:05pm

Rooted! First hard box and last one for pro hacker

Superb box, very fun experience in the end once you survive all the frustrating hoops for root. Thanks, @thek !

I think there is enough guidance for user. For root, think about the reason your exploits may not be working. What limitations do you have to deal with? Once you are at the final step, check your TTY. This cost me a lot of precious hours.

Good luck! PM is open for nudges.

avyora · January 3, 2020, 9:50am

Oh boy, I spend so much time overcomplicating the second user shell Then I found out that it was all about timing.
However, thanks, @thek ! Nice box !