Curling

Finally I found out how to extract the password

Really stuck on privesc. Can someone PM me some help please? I know I’m overlooking something simple but I just can’t think what.

I Get Root + User Also
But Still Not Know
What Did I Do With That Pas***_bac** File

For getting root I used a C program with the help of Metasploit { alternative way }

But what do I do with that password backup file?

I wanted to learn how to decrypt that

@Amzker - check your pms

Finally got root shell. My advice for ones that got the root.txt but failed to get root shell is:
Read the manual of the same command that you use to get root.txt carefully :slight_smile: PM me if you need a nudge.

@TazWake said:
@Amzker - check your pms

Ah ok

@ck0 said:
3. For root - don’t bother diving too deep. Everything is in front of you, just learn by what binary the config (!) file can be run and you will get an answer.
You may want to understand how all that is working - then write a one-liner bash script to check the difference of running processes from previously running processes every second. I used a diff command to compare two variables… You may need to run it for several minutes to get the more accurate answer :wink:

I have run several scripts for several minutes, ain’t happening anything…

A little nudge would be appreciated in priv esc.
I know what’s happening with the proc… in a***-**** with the files but I’m stuck on leveraging it for root…

Edit: finally got it… PM if you need assistance

Got the plaintext password, but I’m not sure where to use it. (already tried for SPOILER)

EDIT: pfff, hate people that are messing the machine up, retried my step and got the flag…

My only complaint with HTB would be that the frequency people just mess up a box means you can’t always be sure if your tactic is correct or not, which often results in the massive number of pointless resets.

Still, it’s only a small complaint.

I’m still fairly new here, about 2 weeks. Every time I worked on Curling it had file transfer; today I tried and it didn’t have the file transfer. Was I all this time working on a semi-solved machine?

If it had FTP open, it’s likely someone else had done that - but it’s ok, it isn’t part of any path to root I can think of on this box.

@TazWake said:
If it had FTP open, it’s likely someone else had done that - but it’s ok, it isn’t part of any path to root I can think of on this box.

I was actually talking about the website

Ah ok.

I found the pa*****_ba***** file and I know what kind of file it is, but whenever I try to run b**p2 on it, it says that it can’t determine the original file name. I have tried to use the recover tool and a slew of other things. I can’t figure out what I am missing.

If anyone needs help feel free to PM me

@Baikuya said:
If anyone needs help feel free to PM me

PM sent

Some hint with getting root.txt? I’m not sure if I’m just retarded, but I can’t seem to figure out what to do. Already got user…

@bithoveen said:
Some hint with getting root.txt? I’m not sure if I’m just retarded, but I can’t seem to figure out what to do. Already got user…

Same here. Going round in circles. Can someone PM me plz?

Sent both of you a PM.