Book

HTB Content Machines
542

Spoiler Removed

543

Wow! That’s box is ■■■■*ng hard! After a moth I finally own the user and now working on root! This is one of the most frustrating,hard, and probably fun box I ever done!
Thanks @MrR3boot !

The only two hints I can give are (of course for user):

  • Enumeration, check everything.
  • Google something can save a great amount of time
  • Persistence!

Nobody born Pentester,we are all here to learn. Make your errors a lesson for the Future!

544

Rooted !

User was fantastic, that was tough for a medium box honestly.
PM me if you’re stuck, I’ll try to help without spoiling :slight_smile:

545

definitely a unique box since my journey on htb so far
a huge thanks to the creators for this one
all the hints are here
goodluck

546

What a box well done @MrR3boot. I was struggling with admin initial and then user thank you @TazWake for the help!

Tip for all boxes: read ALL the forum posts and take notes, even if at the time they strike you as nonsense. They will come in handy later on!

Admin: it was mentioned already in comments:
So, I won’

User: if you’re a webadmin do you want to be typing passwords all the time? No.

Root: linpeas and pspy are going to be the best tools to use here.

547

Gosh, that one was a beast!
User needs a lot of creativity, at least until you realize that the box is eager to tell you more than what you can see. But, in any case, the keyhole is not so clear and it took a lot to me to understand which key was right for it.
Root was substantially simpler. I learned a couple of things, but all in all, the path was easy to spot.
I only have to understand why my root shell lasts only a few seconds…maybe an additional stage could be necessary to keep it stable
Anyhow: great job @MrR3boot

548

Type your comment> @zaicurity said:

Rooted it yesterday. I noticed that for the last step I had to make sure my pspy tool wasn’t running or else it didn’t work. Might be a problem on free servers if others are running it.

Had the same issue… you saved me from hours of headache, thank you!

549

@Chobin73 said:

I only have to understand why my root shell lasts only a few seconds…maybe an additional stage could be necessary to keep it stable

This could depend on how you are getting access. If you are using a process on the server to get your shell, you may be reliant on how well that stays up, and if something is resetting files your shell may collapse.

You can get stable access the same way you got user.

550

Finally got all the way to root. Thanks to @TazWake for the push and the sanity check. Wish I would have seen @zaicurity 's post about pspy earlier, lost a lot of time because I just left it running.

551

Type your comment> @TazWake said:

@Chobin73 said:

I only have to understand why my root shell lasts only a few seconds…maybe an additional stage could be necessary to keep it stable

This could depend on how you are getting access. If you are using a process on the server to get your shell, you may be reliant on how well that stays up, and if something is resetting files your shell may collapse.

You can get stable access the same way you got user.

Indeed, that was my second choice when i was doing it.
But i really would like to find a way to stabilize the common one, perhaps by popping up a separated process…
I can imagine a situation where root is not allowed to the lower port…

552

I’m stuck at the beginning I grab the wordlist a wfuzz. What the ■■■■ am i missing

553

@GuQin said:

I’m stuck at the beginning I grab the wordlist a wfuzz. What the ■■■■ am i missing

Have you tried visiting the server with a browser? Alternatively, if you are just asking about directory enumeration, there are built in tools for this in kali and (as far as I know) parrot.

554

Type your comment> @TazWake said:

@GuQin said:

I’m stuck at the beginning I grab the wordlist a wfuzz. What the ■■■■ am i missing

Have you tried visiting the server with a browser? Alternatively, if you are just asking about directory enumeration, there are built in tools for this in kali and (as far as I know) parrot.

What you mean like visiting the page? Yes of course. I’m try to get in the super account from guest

555

@GuQin said:

What you mean like visiting the page? Yes of course. I’m try to get in the super account from guest

Ok - wfuzz isn’t the right path then. There are a few discussions in this thread about what needs to be done and its hard to add more without getting hit for a spoiler.

556

Hoooollyyy… what a foothold.

Finally got there after a lonnnnggg time and a handful of rage quits. Probably one of the harder footholds I’ve done so far!

Onward to root.

557

awesome box! loved the foothold! enumerate and exploit! thats the way! look for the top common vulnerabilities.

if stock after trying hard!! pm for hint saying what you’ve tried

root@book:~# id
uid=0(root) gid=0(root) groups=0(root)

558

Can anyone PM me the article mentioned quite a bit in here that would help with the second half of user? I have both user roles, and I see the functionality that must be exploited, but the articles I’m finding havent been helpful thus far

559

What a ride to user!
Thanks for all the nudges especially @TazWake and also thanks for the great box so far @MrR3boot

560

User is easy(take care with id.rsa structure, but root is a bit tricky. Nice Box :raised_hand:

561

Great box, thank you a lot @TazWake for the final push!