Rooted, good box.
A couple hints:
Rooted, pm with progress made for a nudge
Trying to exploit that ‘exec’ formatting is a rabbit hole?
Type your comment> @ion21 said:
Trying to exploit that ‘exec’ formatting is a rabbit hole?
Not a rabbit hole.
Type your comment> @kiaora said:
Type your comment> @ion21 said:
Trying to exploit that ‘exec’ formatting is a rabbit hole?
Not a rabbit hole.
Trying to exploit it for almost two hours now, the last quote in the variable seems to be breaking my plan. PM me if you can.
Have a locally working reverse shell but somehow can’t get it to work remotely, (small) nudge anyone?
Edit: nevermind, solved it. If you’re stuck on the same thing: only use native parseltongue 
Edit2: thanks @kiaora for the nudge, user done.
Edit3: rooted!
Rooted!!
Hint for User: Pretty straightforward. Look harder → get shell → Play around with something you see → Modify → Get user
Hint for Root: There is something more you will see, play around with it and something will happen very fast that you can’t see. Make some script to catch it and get root 
Feel free to DM if you need more help
Hello guys, i managed to get the SSS.py file, i found the vunerability on the py file and managed to run some commands. But how do i get a shell?
Thank you pretty much for the box.
What most beginners (or not only beginners) need on HTB is machines that require players to research source code in order to get over it. I like that initial foothold and root parts required me to inspect code carefully. So, can I say that the machine gives experience? Yes, definitely. And I recommend you guys finish it. Perfect machine, thanks.
Potential spoiler
For those stuck on fuzzing for the secret directory (like me, for a few days), there are plenty of comments on here already to help you but what helped me the most:
(1) You’re probably already using the right wordlists, and you can use almost any tool. This [probably] isn’t where you’re going wrong.
(2) You may have a syntax error preventing you from finding the correct url. Think about what you know, what you don’t, and how they should fit together
(3) Guessing manually: some things from the site you need to copy verbatim, others you shouldn’t
Happy to PM with anyone needing a nudge; great learning opportunity for fuzzing syntax.
Type your comment> @yeezybusta said:
Type your comment> @M0squ3ra said:
i need a hint to root, i can’t use BH.py, i have problms to read /e/s** file
having the same problem, do you have a hint for me?
edit: rooted, reset was needed and then did it the intended way I think
I am having the same problem, also after reset i keep getting permission denied errors. I am trying this with user r*****. Am i doing something wrong here or should i try to reset the box again?
edit:rooted, used the wrong format for the command
This is my first box, I managed to find SSS.py without issue, but my python skills are questionable at best. I can use context clues on where the issue may be, but I have no idea how to use it to my advantage. Can someone DM with a nudge, or possibly some info on what is happening here.
Rooted!!! Yoohuu!!! My first rooted machine!
I assume that it was not so difficult, as done it without previous python knowledge.
But learnt a lot in the process. It was fun!
My hint for those who is struggling. Read the code, everything is there. Run and test all locally if needed. It will help to understand what is going on in details and next steps will become clear.
Hey everyone. Wondering if I can get a nudge here, been working on Obscurity the past two days, I am able to get a shell when running SSS.py locally, but send the same payload to the server gets me nothing…
Can someone please nudge me? Struggling with the foothold. Tried fuff, wfuzz and dirb but I am not getting any directories at all. Tried direct path to SSS*****.py but can’t make it work.
Hi,
I’ve some problem, because I’ve easily found py file, modified to execute on my machine, then tested a custom payload and everything worked.
When I execute the very same request against the machine, I simply got a 404 and nothing else, so I think I’m missing some super obvious stuff, any hint?
Edit: Got a shell, now I’m trying to understand what to do with it
Edit2: once you got a shell, it is straightforward to go to user flag, now I’m heading to root
Edit3: Rooted, after getting user, rooting the machine is really easy, the only difficulty is that I have not right tools installed so I resorted to do a custom python script for the last part.
I’ve only a doubt, since I’m new on HTB: I wrote my custom script in /tmp directory, and carefully removed everything after getting root, to avoid spoiler for other users, is there any official guidelines on “where to put my custom script”? (Some directory that gots automatically deleted)
Thanks, it was really a fun box.
Hi,
i’m new to Hack the Box. Had a lot of fun on Postman and am now working on Obscurity as my second box:) I managed to find the SSS.py and am working myself through the code. My python is pretty rusty but i guess i found some interesting things. But my idea seems not to work. Could somebody pm me to check whether my plan is the right one?
Thanks
Hello Everyone,
When I run the e**c function on my machine it works, but it doesn’t on the webapp.
I’m trying to use the O* Module, and call a system command to get the shell, Am I on the right Track?
I had a ■■■■ of a time with this one due to some copy/pasting/encoding issues, haha. Initial foothold went slower than it should have, then I had the aforementioned issues trying to get user, but root didn’t take too long.
This was a really fun box once I accepted that tools were not going to do it for me.
tips:
all the other hints are already here. This style of box is usually not my thing but I really enjoyed this one. Well done @clubby789 - thank you!