just rooted! feel free to dm or discuss! curious how others went about it!
Just finished, what a box! Here’s a few tips that can help.
Foothold: Check how you can escalate your privileges as a user on the academy, you’ll be led to a nice hidden place. Follow what you find, and you’ll find some interesting secrets. Use the secrets to your advantage to craft a gateway - what you want is closer than you think!
User: The academy has more secrets, just need to find them. You’ll find a few, but this particular secret is distinct from the others - don’t doubt yourself, try it!
Root: You’re considered a particular type of user, rather privileged, you can see what others have done. You might need to audit a thing or two, you’ll find a new secret. Afterwards you’ll discover a new privilege - just feed it what it wants and you’ll get root.
Can… this be a feature on HtB?
Not the vuln obviously but the “Academy” thing. Was not expecting to see something so put together on a box, fantastic work @egre55 and @mrb3n
great machine @egre55 and @mrb3n , maybe a “medium” rating would be more appropriate ;o)
Awesome ASCII art !
I got the user flag, but how do I escalate to root I am confused…plz help…
any hints for as user to escalate admin priv
Rooted
I got a directory on the web server named Mo*****_f**** does this one help or I am in a rabbit hole
Type your comment> @St4yc4lm said:
I got a directory on the web server named Mo*****_f**** does this one help or I am in a rabbit hole
I guess it’s a rabbit hole, since you should find a more interesting page once you are more privileged than the mass…
rooted nice box
Type your comment> @LMAY75 said:
Can… this be a feature on HtB?
Not the vuln obviously but the “Academy” thing. Was not expecting to see something so put together on a box, fantastic work @egre55 and @mrb3n
Lol, it actually is. Just saw the video in the ippsec youtube feeds…
Never been so stuck. Can someone give me a nudge for the foothold please, I must be blind. Not finding anything apart from the login portals and the sample user page
Rooted, In two minds about the box.
Good that in highlighted my overeliance on enum scripts such as linpeas
Bad that I went down so many rabbit holes because of my overeliance on enum scripts.
If anyone who rooted this under <2 hours could DM me what there approach to enum is, I would appreciate it.
Is it just a mix of opensource scripts, or rigourous use of grep or just experience to know where to look.
EDIT: I’ve been told linpeas does highlight the thing but isn’t as obvious as I would have though. Probably a good ide to supplement linpeas with a couple greps
i was chasing egre55 all the time lol and skipped other users
I could really do with a nudge for root…
uid=0(root) gid=0(root) groups=0(root)
This took forever and I overlooked multiple times… I personally would not rate this an easy box tbh, but it was a fun one for sure. Probably I am just a noob, lol.
Really enjoyed this box - had hoped it was going to be easy enough to blitz through and get a good final rank but sadly stalled at the user stage.
Foothold: Classic web app techniques lead to some valuable info and red herrings, ignore the most obvious bits when you inevitably run into them and search for something else, which will require some less obvious info.
User: Enumeration, enumeration, enumeration, it will probably be obvious if you look hard enough
Root: You can now access some new info, I needed Google to tell me how to interpret the data that I needed though. Once I had this data, it was just a case of a classic root escalation technique.
Rooted. An OSCP-like box. Recommend for who gonna have OSCP exam
any hint guys