Official Academy Discussion

uid=0(root) gid=0(root) groups=0(root)
big thanks to @zweeden :slight_smile:

Can… this be a feature on HtB?

Not the vuln obviously but the “Academy” thing. Was not expecting to see something so put together on a box, fantastic work @egre55 and @mrb3n

great machine @egre55 and @mrb3n , maybe a “medium” rating would be more appropriate ;o)

Awesome ASCII art !

I got the user flag, but how do I escalate to root I am confused…plz help…

any hints for as user to escalate admin priv

Rooted

I got a directory on the web server named Mo*****_f**** does this one help or I am in a rabbit hole

Type your comment> @St4yc4lm said:

I got a directory on the web server named Mo*****_f**** does this one help or I am in a rabbit hole

I guess it’s a rabbit hole, since you should find a more interesting page once you are more privileged than the mass…

rooted nice box

Type your comment> @LMAY75 said:

Can… this be a feature on HtB?

Not the vuln obviously but the “Academy” thing. Was not expecting to see something so put together on a box, fantastic work @egre55 and @mrb3n

Lol, it actually is. Just saw the video in the ippsec youtube feeds…

Never been so stuck. Can someone give me a nudge for the foothold please, I must be blind. Not finding anything apart from the login portals and the sample user page

Rooted, In two minds about the box.
Good that in highlighted my overeliance on enum scripts such as linpeas
Bad that I went down so many rabbit holes because of my overeliance on enum scripts.

If anyone who rooted this under <2 hours could DM me what there approach to enum is, I would appreciate it.

Is it just a mix of opensource scripts, or rigourous use of grep or just experience to know where to look.

EDIT: I’ve been told linpeas does highlight the thing but isn’t as obvious as I would have though. Probably a good ide to supplement linpeas with a couple greps

i was chasing egre55 all the time lol and skipped other users

I could really do with a nudge for root…

uid=0(root) gid=0(root) groups=0(root)

This took forever and I overlooked multiple times… I personally would not rate this an easy box tbh, but it was a fun one for sure. Probably I am just a noob, lol.

Really enjoyed this box - had hoped it was going to be easy enough to blitz through and get a good final rank but sadly stalled at the user stage.

Foothold: Classic web app techniques lead to some valuable info and red herrings, ignore the most obvious bits when you inevitably run into them and search for something else, which will require some less obvious info.

User: Enumeration, enumeration, enumeration, it will probably be obvious if you look hard enough

Root: You can now access some new info, I needed Google to tell me how to interpret the data that I needed though. Once I had this data, it was just a case of a classic root escalation technique.

Rooted. An OSCP-like box. Recommend for who gonna have OSCP exam

any hint guys

Got the foothold, trying to get to a user.
Found a hash but wasn’t able to crack it. Am I missing something else or am I just too bad at cracking ? :slight_smile:

Struggling to make progress. Ive tried sql injection on the webpages but made no progress. Ive run nikto and ffuf looking for subdomains. Im going to try the non webport next