This one took me wayyyy longer than anticipated. Learned a lot, screamed a little, but got it in the end! Congrats to everyone who got it so quickly. The path to root is something I will always keep in the toolbelt. Thank you to the box maker!
There’s probably enough here in the comments to get you going, but I’d like to offer a subtle methodical nudge.
To anyone struggling at privesc: Think about the logical flow of keeping persistence on a box. What’s the first thing you’d like to have happen? And what goes into that from the system’s perspective? I hope this helps someone. I was stuck here for a while.
Feel free to DM. You need to tell me where you’re stuck and what all you’ve tried. I will not tell you what to do, but I am happy to offer some guidance.
I’m confused with getting the user here. I figured out which webshell to use and tried using default auth in the it, but was not able to get anything after that. Am I missing something obvious here???
Rooted a few days ago as my first machine on HTB. Cool box, easy but fun, learned some useful tricks.
Often hints are in plain sight, try to understand where they could be: then Google is, as always, your friend.
This will lead you straight to have access on the web shell. From there, you’re gonna need to find a way to access on the machine itself, keeping in mind that there are some backdoors opened.
Once on the machine, read everything you find there and try to understand what you can do as w*** in order to migrate to s***. Then remember what you’ve already seen: as I said before, often hints are in plain sight. There are some messages somewhere you can modify as you prefer. This would lead you to own machine!
Hope this is not too much of a spoiler. Feel free to PM me if you need nudges!
Hi there, I’m a bit stuck on the user part. I found the shell and the note and via s*** I found l****. I created a l** reverse shell and tried to run it with l****, but I don’t get any response, neither an error nor a shell. Do you guys know what I’m doing wrong?
Hi there, I’m a bit stuck on the user part. I found the shell and the note and via s*** I found l****. I created a l** reverse shell and tried to run it with l****, but I don’t get any response, neither an error nor a shell. Do you guys know what I’m doing wrong?
Why does it have to be a reverse shell? Maybe try some simpler commands that allow you to get access.
Stuck on root. I figured out i have to trigger something by s** into the box but mot*.* doesn’t seem to be triggered unless s** with a valid password which i can’t seem to find. Help would be appreciated!