Stucked on user, how to get to root?
Rooted. if you stuck PM me and will gladly help.
So Iām totally stuckā¦I fount a g****b page and some potential web shells but Iām not sure how to determine which one would work best. Any help? Can someone DM me some hints?
Type your comment> @TheMaestr0 said:
Rooted. if you stuck PM me and will gladly help.
got the header file, inserted code but not getting anything, Is there other way.
Type your comment> @Chi3f said:
Man root it killing me on this box. Not really straight forward. I really struggled on this box. Anyone fell like PMing me help with root? I just need to know Iām looking in the right location. I donāt want the answer.
Same with me, if you found the way then a nudge would be great.
Tried injecting in 00-hea*** still not getting it
got the header file, inserted code but not getting anything, Is there other way.
r u sure that your inserted code is persistent, just sayin ā¦
Type your comment> @TheMaestr0 said:
got the header file, inserted code but not getting anything, Is there other way.
r u sure that your inserted code is persistent, just sayin ā¦
I know itās not persistent, itās getting erased every time Iām logging, as cp command is running on each login it copies file from /var/backups/up** and pasting to e**/motd/ dir.
Any hint how to make it persistent or Is there other way around?
@EzioRaison said:
@TheMaestr0 said:
got the header file, inserted code but not getting anything, Is there other way.
r u sure that your inserted code is persistent, just sayin ā¦
I know itās not persistent, itās getting erased every time Iām logging, as cp command is running on each login it copies file from /var/backups/up** and pasting to e**/motd/ dir.
Any hint how to make it persistent or Is there other way around?
You canāt make it persistent. As you mentioned, it gets constantly restored, so you rather need to be quick.
Type your comment> @HomeSen said:
@EzioRaison said:
@TheMaestr0 said:
got the header file, inserted code but not getting anything, Is there other way.
r u sure that your inserted code is persistent, just sayin ā¦
I know itās not persistent, itās getting erased every time Iām logging, as cp command is running on each login it copies file from /var/backups/up** and pasting to e**/motd/ dir.
Any hint how to make it persistent or Is there other way around?You canāt make it persistent. As you mentioned, it gets constantly restored, so you rather need to be quick.
Any hint how to do that, or what i need to learn in order to do that?
@EzioRaison said:
@HomeSen said:
@EzioRaison said:
@TheMaestr0 said:
got the header file, inserted code but not getting anything, Is there other way.
r u sure that your inserted code is persistent, just sayin ā¦
I know itās not persistent, itās getting erased every time Iām logging, as cp command is running on each login it copies file from /var/backups/up** and pasting to e**/motd/ dir.
Any hint how to make it persistent or Is there other way around?You canāt make it persistent. As you mentioned, it gets constantly restored, so you rather need to be quick.
Any hint how to do that, or what i need to learn in order to do that?
You need to research what the service is used for, and when those files are used/executed. Once you know that, you need to be quick with triggering it after you modified the file 
Finally got root, thank for your help guys
Rooted. Thanks for the creator!
Root turned me into un poco loco.
Feel free to PM! Make sure you state your obstacle. 
Good box, if someone needs help PM.
Fyi - Root is the story of needing three shells to work. hope this isnāt a spoiler. Root was a PITA. Ctf-like all the way through. Cool once you figure it out. Thanks @Xh4H
I doubt about Rootā¦ I got root privilege but cannot use any commands even āidā or āwhoamiā. Just want to read the root flag.
It showed as bash: no job control in this shell.
For sure that I got āroot@traceback:/#ā
Already reset the machineā¦Still not working.
If someone knows the way out, please PM me or answer here.
EDITED: ROOTED
Rooted it. Some idiots were keep resetting and deleting the files but now rooted it. Thanks @FDS for the help.
Initial Foothold: Read the author text and OSINT.
User: See what you can do and please do it.
Root: Thats a little tricky. Analyse everything in the shell files folders everything and then play with time.
If stuck feel free to pm.
My first box on HTB, thank you very much @Xh4H for creating it and to all who wrote their hints in the forum!
As a beginner, it was very useful for me to watch a YouTube walkthrough of Postman by @ippsec to get the basics (thereās one of around 1h10mins).
To get user, the tips about enumeration were the most useful for me (relying also on the information in the video mentioned before and on some hints on the box).
For root, comments about using pspy and check out timing (along with the enumeration scripts used above) pointed me to the right direction and I could finish it thanks to @nyckelharpa 's comment!
Finally Rooted.
Hints:
USER: See what the author wants to tell you, Google and GTFObins !
ROOT: Enumeration is the key! See the process and search what files you can write.
Feel free to PM.
Enumerated and found users. Im not sure what to look for in my ldapsearch. Found port with a webservice. Im just not sure where I go from hereā¦
Hey! Iām really sorry, but I think that I might need a huuuge help thereā¦ Iām trying to learn so Iām really new, and Iām also verry stuckā¦
So what I did :
nmap scan
dirbuster scan and found a few pages ātest1.phpā, āphp-reverse-sell.phpā, ā¦
inspect the webpage, done some research on the creatorā¦
Burpsuite
nessus wonāt open for some reasonā¦
tried a few things : āssh Xh4H@10.10.10.181ā and an all lot of passwords that didnāt workā¦
so Iām kinda begging for help right thereā¦ in fact almost a walk through I guessā¦
feel free to pm and if you have any free suggestions to learn pen testing Iām also interested !
Thx !!