Book

daronwolff · April 1, 2020, 11:22pm

Update:

I switched from
edge-eu-vip-13.hackthebox.eu
to
edge-eu-vip-17.hackthebox.eu

and the “weapon” worked correctly. I don’t know what’s going on here guys, but if you feel your POC is correct to try switch to different servers. I wasted 2 days on this :(.

Besides that, the machine is excellent, I learned a lot!.
Thanks to the creator

=====

~~I’m stuck on the PE. ~~
~~All of sudden, the “weapon” is not detecting the changes in the “ac**ss…**g” file. ~~
~~I have same POC, same “weapon” that I was using a couple of hours ago and now it’s not working ~~
~~ I restarted many times and it still is waiting … ~~
~~Any ideas? ~~

d3kum1d0r1y4 · April 2, 2020, 6:18am

NOEN

zaicurity · April 2, 2020, 9:52am

Rooted it yesterday. I noticed that for the last step I had to make sure my pspy tool wasn’t running or else it didn’t work. Might be a problem on free servers if others are running it.

NFire0111111 · April 2, 2020, 10:44am

Rooted !
i want to thank @Kevoenos for the little nudge. Without specific nudge i was unable to solve this box.

Thanks, also to @MrR3boot for the box, i appreciate it. Very good ! i Appreciate a lot the part when you got something… i can start again from that point…!
Basically all nudges are in the forum, read carefully, if you stay stucked is possible you dont know that particular thing.
Feel free to DM.

71xn · April 2, 2020, 7:11pm

Rooted finally!
Such a unique and cool box, was a change from the usual medium box, @MrR3boot great box dude.

Some tips -
Foothold: OWASP and enumerate the pages you have access to
User: OWASP and malicious inputs
Root: linpeas

I’m open for DM’s if anyone needs a nudge

avekiszka · April 2, 2020, 8:16pm

It was fun. Thank you for the box

T4t1k · April 2, 2020, 8:24pm

Spoiler Removed

TazWake · April 2, 2020, 9:34pm

@Tatik said:

I found id_rsa, passed it through pdfminer but i get bad permissions error

Thats because your permissions are incorrect. The error message pretty much says what you need to do - or man chmod.

smashsec · April 2, 2020, 11:25pm

Rooted. The longest part was gaining admin creds, thanks @TazWake for the nudge. Great box, has a realistic vuln in the P** creation which was a new technique for me. Priv esc, relatively straightforward and there are lots of hints in this thread. Thanks for the box @MrR3boot

Lytes · April 3, 2020, 12:02pm

I rooted the box but can someone PM me how they figured out what activated the log****** or was it sheer trial and error?

T4t1k · April 3, 2020, 1:09pm

ROOTED !

Check my signature for a tip or send a PM

T4t1k · April 3, 2020, 1:10pm

@TazWake said:
@Tatik said:

I found id_rsa, passed it through pdfminer but i get bad permissions error

Thats because your permissions are incorrect. The error message pretty much says what you need to do - or man chmod.

Thanks so much

M3rlin · April 3, 2020, 5:51pm

Rooted. Thanks to @TazWake and @mimo for getting me over the hump at the start. Very new to the that area at the beginning, I learned a great deal from this one. Great box @MrR3boot.

Can do PM’s for help and support.

Wow… what a ride that was lol

mimo · April 3, 2020, 5:54pm

Type your comment> @M3rlin said:

Rooted. Thanks to @TazWake and @mimo for getting me over the hump at the start. Very new to the that area at the beginning, I learned a great deal from this one. Great box @MrR3boot.

Can do PM’s for help and support.

Wow… what a ride that was lol

Glad I could be of help.

tkSEC · April 3, 2020, 8:33pm

Can someone tell me if the “Role” field on the website changes its status once you log in as a****? I think I’m seeing the path to get foothold, but something still isn’t working.

Watskip · April 3, 2020, 8:48pm

@bigFish43 said:

Can someone tell me if the “Role” field on the website changes its status once you log in as a****? I think I’m seeing the path to get foothold, but something still isn’t working.

It won’t, You need to login on the right place

tkSEC · April 3, 2020, 9:02pm

@Watskip said:

@bigFish43 said:

Can someone tell me if the “Role” field on the website changes its status once you log in as a****? I think I’m seeing the path to get foothold, but something still isn’t working.

It won’t, You need to login on the right place

Thanks a lot! Can’t believe I missed something that obvious. I shouldn’t do HTB boxes when I’m tired

shellnox · April 4, 2020, 11:13am

Why do I sign out after some few minutes that I sign in as admin??!

0x64Marsh · April 4, 2020, 8:07pm

@c4ph00k (Page 11) Best hint for getting user 2.1 thank you. you saved me from going deeper into the injection rabbit holes i was trying…

hg8 · April 5, 2020, 10:12am

Stuck at root part.
Did you guys/gal modified the exploit for l…-…e?

Or am I overthinking it ? Would love some tips for directions here…

EDIT: Aaah nevermind, the exploit ended up working fine while I didn’t change anything… So don’t hesitate to retry your exploits multiples time if you are sure of everything