Hard to explain it without spoilers. Maybe DM, anyone?
Ping me !
@netburger said:
I found them. Because of them I am able to browse files.
My access is not interactive (is this my mistake?) and I failed to use those creds at any other place.Hard to explain it without spoilers. Maybe DM, anyone?
You can use the creds to enumerate a part of the service which allows users to define functions.
Does anyone have a link, an article, anything, that would help me understand what Iām supposed to do to get user ? I can read files via a very unhandy way of commands, but everything Iāve tried so far to retrieve informations from the user that shouldnāt be able to log in has been a dead end.
P.S : Generally speaking, if your hint is āEnumā or āGoogleā, donāt bother please.
@dragonista said:
Does anyone have a link, an article, anything, that would help me understand what Iām supposed to do to get user ? I can read files via a very unhandy way of commands, but everything Iāve tried so far to retrieve informations from the user that shouldnāt be able to log in has been a dead end.
P.S : Generally speaking, if your hint is āEnumā or āGoogleā, donāt bother please.
Have a look at @TazWakeās hint, here: Official Compromised Discussion - #161 by TazWake - Machines - Hack The Box :: Forums
It exactly tells you what to look for 
@cyberpathogen said:
Iām so close to root. So close, I can see it on two linesā¦ but it seems iām not getting the information I need from them. Is there someone who can give me a sanity check towards root?edit: got it. Great box, love the confidence building enumeration in the beginning, only to beat the ever-loving ā ā ā ā out of you right when you figure out rce!
my only hint to those who might get stuck where i was: sometimes things are a little bit inside-out.
Thereās another path I want to try taking too.
I think I am stuck at the very same spot and tried already every combination I can think of. May I humbly ask for a nudge? :neutral:
Edit: Finally rooted! I feel so stupid, because I did everything right with these two lines but used them in the wrong place m(
This is an awesome box and I learned very much from it.
Feel free to PM me, if you need help.
ok, after reading alot from this discussion i build an idea and it worked!
Rooted!
i found so many method to get to root, nothing is wrong as long as it worked, lol
iām open for help if you guys needed.
Stuck in my way to root. I can see what they have changed, but canāt understand it fully. Would anyone be so kind to send me some resources/tips to read on?
Thank you!
Type your comment> @jaybloggs said:
Stuck in my way to root. I can see what they have changed, but canāt understand it fully. Would anyone be so kind to send me some resources/tips to read on?
Thank you!
when iām on my way to root, i look for recently modified things, and found something that can escalate me. the key is the name of the machine ācompromisedā
so i just tried to follow the footprint and it lead me to root.
Type your comment> @itsdafafo said:
when iām on my way to root, i look for recently modified things, and found something that can escalate me. the key is the name of the machine ācompromisedā
so i just tried to follow the footprint and it lead me to root.
Hi thanks, I found whatās required but still need to find out where to use it.
Edit: got it.
Interesting box. Even though I saw immediately what was done it took me hours to escalate to root. Need to work out on my r*****e skills
Rooted the box after so many days, holy ā ā ā ā
root@compromised:~# id
uid=0(root) gid=0(root) groups=0(root)
root@compromised:~#
Big thanks to @itsdafafo for keeping me motivated to keep pushing and completing the box
PM if anyone needs a nudge
Type your comment> @deepansh0xB said:
Rooted the box after so many days, holy ā ā ā ā
root@compromised:~# id
uid=0(root) gid=0(root) groups=0(root)
root@compromised:~#Big thanks to @itsdafafo for keeping me motivated to keep pushing and completing the box
PM if anyone needs a nudge
Congrats. Itās not an easy one.
Would anybody be able to give me a bit of a nudge about where to find the creds for m****? Iāve found the rules as to why I canāt establish an outbound connection, Iāve bypassed some of the P** restrictions and can poke around the system and Iāve found the user who shouldnāt have what it has but I havenāt been able to find anything to elevate to the next steps. Been banging my head against the wall, my access is very limited and typical enumeration like linpeas and the like havenāt revealed anything about the creds to me
@jw0 said:
Would anybody be able to give me a bit of a nudge about where to find the creds for m****?
Have you downloaded some files and looked in there?
@TazWake /b____p/_.t__? I used the creds i found in there to exploit the CVE. Am I an idiot and those creds are also used for m* or do I need to have a closer look?
@jw0 said:
@TazWake /b____p/_.t__? I used the creds i found in there to exploit the CVE. Am I an idiot and those creds are also used for m* or do I need to have a closer look?
it isnāt cred reuse but you may want to re-check those files.
Grrr this ones frustrating me. I donāt know what Iām missingā¦ I can see which files the attacker has modified, I can see the differences between the b____p and the live pages, I can see what the attackers inserted (although I canāt figure out why theyāve added it in l**u***.i**.p**, on the other page I understand). With my limited access itās hard to test against m__. Itās going to be one of the obvious things thatās staring me in the face the whole time isnāt it?
EDIT: OMFG. I was right. I am an idiot. If youāre reading this and youāre in the same boat as me youāre an idiot too. Itās right there in front of your face, double, triple, quadruple check your syntax. Canāt believe myself, wasted soooo much time on something I tested a few times with incorrect syntax. Yes itās that obvious. Do it again.
Rooted. This one was fun. When it wasnāt painful.
WOW what a ride this box was 
Just rooted and here are my 2cents for the first shell, this tool will solve most of the problems you may have.
Got user, with a tiny hint. But drawing a huge blank on root. I have one idea, but canāt work out how to even start with it. Would someone be up for giving a nudge?
@bw00lley said:
Would someone be up for giving a nudge?
Iāve had a nudge now.