I experienced the same kind of problem… you have to try the command many times and then it will pop in your listening console… maybe a connection issue, don’t know…
I did manage to get a rev shell at first try, no connection issues.
I managed to pwn user but now I’m stuck, there aren’t many hints for this privesc, can someone drop a small one?
Tried sudo -l and suid/guid executables, nothing found
There are some **** binaries which don’t have an exploit payload on gtf****, but there may still be ways to exploit them under some circumstances.
**edited because I wasn’t sure if I was giving too much information
But htb does not accept my flag, it seems like something is not working, I can’t rejoin the machine
Same for me, I think the machine is going from lab arena to “normal” at this time…
It works now but you have to replay the steps / shellcodes etc. because of the IP and moreover, the flag changed!
Seems like when a user is using the “backdoor” no other user can connect (that --once flag), can you confirm?
that is exactly what the --once flag does.
Particular VM, interesting, new thing
Smooth, easy machine, learned something new on the root part. Feel free to DM if you need a nudge
… and rooted
There are enough hints so I don’t add ^^
Root was pretty straightforward, foothold also, but not so easy between foothold and user
PM if stuck
Found M**** credentials, but can’t figure out how I can use it to get the foothold. Any tips?
You got the right start, now look for something else to get info about proc
The cred is useless
I managed to achieve user but I’m completely stuck at getting root. I’ve observed a certain “useless” operation being executed on the machine and I strongly believe it’s the main vector to getting root. However I do not seem to be able to exploit it; I’ve also researched the topic online and this led me to believe that such a process cannot be exploited the way it is built… Am I missing something?
Edit: Done. For other people struggling with this last part, I have a couple of suggestions:
- Trust your guts. There’s a misconfiguration in place and you cannot completely check its nature before exploiting it.
- Be sure to use the right command.
Finally rooted this machine. As everyone agreed, “from initial foothold to user” is a pain for non-experts. There are lots of good tips above so I will not add more. At the root part, I checked lots of spaces and spent lots of time looking at the previous service again and again, then I realized that sometimes it’s not so hard, just read man pages or google it fluently…
This was a fun box. There were definitely some more challenging aspects, considering this is an easy box. That being said, once you get past the hard part, it’s pretty straightforward.
Feel free to PM me for hints!
Can someone message me a hint about the command for root? I think I understand what’s happening but no dice.
I have managed to get up to user. Still stuck moving forward from here.
Any tips?
Can someone give me a hint? After enumerating the plug-ins, I don’t know the entry point.