Try leaving the machine, changing your VPN server, reconnecting to VPN and rejoining the machine. Worked for me!
I'm getting the feeling I have done this box wrong, seeing a lot of python this, python that, docker, user cody, creds etc. but I have done none of this, I literally went:
1) Recon (20 mins)
2) RCE exploit to user (5mins)
3) Used our green buddies to find SUID and then abuse for root! (10 mins)
Can anyone tell me if they did this route? seems much easier than the python, docker, creds route??
not sure if anyone can help with a small nudge on foothold. i have found the vuln and am trying to use our "sweet" tool to stop the encoding issue. i am using the shell cheat sheet but I'm feeling like I'm missing something with sending it off to the machine. maybe someone can let me know of a resource i can use to learn how to go about sending this? i do understand how the vulnerability works but it's just using our tool i think is the issue to send it properly
EDIT: otter did a great job helping me without direct solutions
dm
Exactly, took some time for root, other than that i found this easy, usually different from a HTB "easy" box.
can you give me a hint. After the user flag and running linpeas I am not sure which direction to take?
Send me DM if you are still stuck on this.
solid box
privesc is tricky - it took me some time to realize that I could use what I found to list what I could run. make sure you're not missing any characters when you type into what you can't see!
Rooted!
guys stop deleting the other's stuff please this is not an attack and defense machine
hey guys,
can you connect to the port 22? I found the user and the password, but I get the following error:
└─$ ssh svc@10.10.11.208
ssh: connect to host 10.10.11.208 port 22: No route to host
Thanks for your help.
What do you mean by green buddies?
I've been a cybersecurity professional for about 4 years now. Never used/needed hack the box. I finally decide to try it out and had a blast doing Sau. After today, I don't think this platform is worth the time wasted on these silly boxes.
Not gonna lie, this box is pretty stupid. 5 minutes of OSINT and you can copy and paste your way to the user-- only to spend an entire day doing this "Easy" level root. I managed to develop exploits for 4 maybe 5 CVEs today just trying to get root…
- Nobody who cares enough to have that complex of a password is dumb enough re-use it.
- 1 singular function and/or syntax lesson was the answer.
(Not sure if you box builders know, but in the infinite bytestream of our field, tiny factoids aren't "easy" to discover when you don't know they exist.)
- There's way too many rabbit holes. This box is vulnerable software galore. I opened AT LEAST 50 tabs of CVE's that were genuinely relevant and applicable to this box. Every single one of them failed almost exclusively to just 1 config option being set to on. (9/10 times it wasn't the default option.)
In fact, this machine has so many rabbit holes that I legitimately found out the secrets of Area 51 by just enumerating /var/www/.git. If you feel good about yourself for making a "secure" box, props to you.
Although it'd be a million times easier to just type "apt upgrade" instead of sed'ing your entire etc folder. Just some advice for your next masterpiece @boxmaker.
133732
if you spend 50+ cves to try against this box? what's wrong with you?
idk how but HTB should find a way to not mix the hackers in one single machine. it was all cluster f…
I'm creating a script, another guy removes it, someone asks for machine reset, another one changes the content of my script…
as for the box. piece of cake for user.txt
gave medium for the root because of enumeration took a bit long to identify what's going on and need some more insights other than googling CVE's.
fun for sure.
Hello,
Can someone help with privesc?
I cannot modify the file to gain the root privileges.
Any advice?
Hi,
How did you modify the bash file to gain root privileges?
Hi again,
Are you talking about ./full-checkup.sh file?
DM me