Swagshop

Struggling to get a full tty shell to access sudo /ur/b**/v. Tried a lot of different tty spawn commands and have had no luck. If someone could nudge me in the right direction that would be very much appreciated!

Can we please stop breaking the box by putting the reverse shell in index.php? thx

@NotSmartEnuf said:

Can we please stop breaking the box by putting the reverse shell in index.php? thx

+++

@thegoatreich said:

@alephsur said:

Hello, I have a problem with the machine. I have access to the root file but it does not have the key. It only shows me a message with a drawing and a message telling me to join hackthebox.store using the flag as password, but there isn’t any flag. Do you have any hint to solve the problem?

Are you sure about that?

Same issue - any further hints maybe? :slight_smile:

It should have the flag in there as well as the message. If it’s not try a reset, or wait 3 seconds until somebody else resets it.

Does anyone know why the FileSystem IDE option sometimes shows up in the admin panel menu and sometimes it doesn’t?
Is someone else enabling it?

EDIT: NVM.

I got user through someone else’s work on this box and now it’s coming back to bite me in the ■■■.
Can I PM someone for a little help?
All I’m trying to do is get user again so I can work on the obvious next step.

@melodicminor said:

I got user through someone else’s work on this box and now it’s coming back to bite me in the ■■■.
Can I PM someone for a little help?
All I’m trying to do is get user again so I can work on the obvious next step.

Absolute beginner but did manage to get user and root, so feel free to drop me a line.

Could someone help me out a little? Got to the admin panel and used the right exploit which gave me W***** but when I try the creds I can’t get in

Hi everyone.
I managed to access the admin panel and enable F **** I **, loaded the revShell and took user.
Now I’m stuck on the root by the comments we understand to use a base esc esc but without success. Can someone give me a suggestion in PM?
Thanks and sorry for my bad english

EDIT: please pm me hint for priv esc ///v not working for me

@NotSmartEnuf said:

Can we please stop breaking the box by putting the reverse shell in index.php? thx

Seriously THIS. Use some thought, people. There are plenty of other php files in the sea.

I managed to root the box after much trial and error - mostly due to what I suspect is other users modifying index.php. I finally did something that seemed to stabilize the box somewhat; I removed write permissions from the index.php file. That seemed to keep it up and running for the time being but I’m sure that will revert as soon as someone resets the box.

chmod -w /var//**/index.php

I’d recommend that the authors/htb staff modify the gold image to make this modification permanent if that is a reasonable thing to do. Cracking the box probably took an additional 6 hours of trying to get in, only to either encounter the 503 / service unavailable problem, or a “Failed to daemonize…” issue that I suspect is because people keep trying to modify the index.php file to gain access. Also people keep then resetting the box because they lose access because the website goes down… it’s a vicious cycle.

@NotSmartEnuf said:

@melodicminor said:

I got user through someone else’s work on this box and now it’s coming back to bite me in the ■■■.
Can I PM someone for a little help?
All I’m trying to do is get user again so I can work on the obvious next step.

Absolute beginner but did manage to get user and root, so feel free to drop me a line.

Finally got the thing to do the thing without breaking everyTHING…
Oh how versions matter.

Been stuck trying to get root for a couple of days now. I know what command to run, but I’m dead in the water now. Can someone PM some advice?

Finally rooted!! Massive thank you to @Achille for helping me straighten out my thoughts and nudging me towards the correct one on user.

USER: really easy in hindsight, really difficult at the time. It’s obvious once you stop trying to think like Mr Hackerman.

ROOT: I struggled with this for ages. In fact I learned a ton about privesc, as I’ve never done it before. Finally, when I figured it out, I could have kicked myself. It was so much simpler than I’d recognised. I must have input the near correct syntax 50 times before I realised where I was going wrong.

Lesson learned: Think with your eyes.

Thank you @ch4p :smile: as a noob, I got loads from that.

Rooted! PM if you need a nudge!

Stuck at sudo trying to priv esc with the big V, if anyone can send me a PM I’d appreciate it!!!

Got root.

Job is done.

Am I being really stupid by having a shell but not finding the user flag?

@JonnyGill said:

Am I being really stupid by having a shell but not finding the user flag?

Just Find it mate.