Official Investigation Discussion

@JSquared / @riboyster - happy to help; you both have DMs

Can someone give a little nudge for user? I think it’s about the mime.xml file
but I have nothing…

Of course :heart:

I sent you a message related to this topic :relaxed:

There is no need to read all of them, it is possible to search only for those valuable :relaxed:

Rooted! Pretty good box overall but did need a hint on root priv esc due to some confusion. Anyone who used Ghidra willing to reach out and chat about it?

Never mind, figured out what I misunderstood.

Feel free to reach out for hints!

Loved the rooting part, the user part was kinda annoying though

Very nice box. Not so interesting in the beginning, but so good in the finding part

Rooted! :dragon_face:

Escalation had my eyes hurting, so I walked away for a while… then when I returned I quickly sorted things out. That was hilarious. :smiley:

Hi! I’ve been able to get the reverse shell, and I think I know what I have to do, but I can’t open the log file properly to see the content. I don’t know if that’s what I have to do or not, any help?? :smiley:

EDIT: got the user already

LOL I got stuck for like 2 because the Upload function wasn’t working. I was getting no response from that and if the file had .php in the name, the server never responded. I thought that was a rabbit hole and there was something hidden to discover… :frowning:

Now I came back and upload is working… looks like I wasted a lot of time while instead I should have reset the machine :frowning:

Rooted. Using GHIDRA I got tricked by a wrong “code” interpretation, then I used a site called “Decompiler Explorer” and that worked better.

Medium machine for sure :slight_smile:

First time encountering reverse engineering content in a box, fortunately not too difficult :stuck_out_tongue_winking_eye:

I have grabbed the binary, looked at it and determined the arguments. One is c***. I am not sure how to leverage this, though. Any tips?

Owned! It’s a good medium machine.
Foothold: google fu
User: Analyze This!
Root: Dragon will help you
Feel free to write to DM for hints, I will be glad to help! Just don’t forget to hit me a respect :slight_smile:

Same here. A small hint is appreciated.

Check your first argument again. This solved it for me.

Finally got root. User was pretty simple and straightforward, but root took me forever!

What helped me was the hint from @jondan28. Releasing the dragon was more confusing than anything else, but that’s probably because I have zero experience in it. What helped me a lot was strace. Honestly, I still don’t know why it works, I will have to go through it another day. :smiley:

I loved that box! The initial foothold is easy but satisfying, then the part where you do some “investigation” is really great: think of that part as forensics and look for mistakes when a user authenticates. The HackTricks page on Windows Event evtx will be helpful enough to find the right event :wink:
For the root part, it’s reverse engineering. I know that it’s a tricky part for most of us (and also for me) but the dragon will reveal the readable instructions of that mysterious binary ;p
It’s simple C code, it has arguments like every program, but why?
If you are really stuck, DM me :slight_smile:
This box is really worth it

The skidz defaced the site :laughing: :laughing: :laughing: