I did manage to get a rev shell at first try, no connection issues.
Hello everyone,
I managed to pwn user but now Iām stuck, there no much hints for this privesc, can someone drop a small one?
Tryed sudo -l and suid/guid executables, nothing found 
There are some **** binaries which donāt have an exploit payload on gtf****, but there may still be ways to exploit them under some circumstances.
**edited because i wasnāt sure if i was giving too much information
Solved, thanks.
But htb does not accept my flag, it seems like something is not working, I canāt rejoin the machine
same for me, i think the machine is going from lab arena to ānormalā at this timeā¦
It works now but you have to replay the steps / shellcodes etc because of the ip and moreover, the flag changed !
Seems like when a user is using the ābackdoorā no other user can connect (that --once flag ), do you confirm?
1 Like
that is exactly what the --once flag does.
particular VM , interesting , new think
Smooth easy machines learn something new on the root part feel free to DM if you need nudge
2 Likes
ā¦ and rooted 
There are enough hints so I donāt add ^^
Root was pretty straight forward, foothold also, but not so easy between foothold and user 
PM if stucked
Found M**** credentials, but canāt figure on how i can use it to get the foothold. Any tips?
1 Like
you got the right start now looking for something else to get info about proc
The cred is useless
DM open
1 Like
I Managed to achieve user but Iām completely stuck at getting root. Iāve observed a certain āuselessā operation being executed on the machine and I strongly believe itās the main vector to getting root. However I do not seem to be able to exploit it; Iāve also researched the topic online and this lead me to believe that such process can not be exploited the way it is builtā¦ Am I missing something?
Edit: Done. For other people struggling with this last part, i have a couple of suggestions:
- Trust your guts. Thereās a misconfiguration in place and you cannot completely check its nature before exploiting it.
- Be sure of using the right command.
Finally rooted this machine, as everyone agreed āfrom initial foothold to userā is a pain for non-experts there are lots of good tips above so i will not add more. At root part, I have checked lots of spaces and spent lots of time to look previous service again and again, then i realized that, sometimes its not so hard, just read man pages or google it fluentlyā¦ 
1 Like
This was a fun box. There were definitely some more challenging aspects, when considering this is an easy box. That being said, once you get past the hard part, its pretty straight forward.
Feel free to PM me for hints!
Great box!
Can someone message me a hint about the command for root? I think I understand whatās happening but no dice.
I have managed to get upto user. Still got stuck to move forward from here.
Any tips ?
Can someone give me a hint? After enumerating the plug-ins, I donāt know the entry point.
Can anyone give me a hint? I have enumerated the plugins and checked all the files please tell.