Official Jewel Discussion

# id
uid=0(root) gid=0(root) groups=0(root)

Finally rooted! Once I got the foothold working, priv esc was very simple, took like 30 min. Foothold was a pain in the ■■■ though, the payloads are very fidgety, so if one isn’t working, try a different one. Massive thanks to @PapyrusTheGuru for his help determining which shells the server refuses to execute.

#id
uid=0(root) gid=0(root) groups=0(root)

Very nice machine. I enjoyed every step, even though the foothold was a pretty PITA (especially the payload part). Thanks @LMAY75 for saving my time and confirming what works.

Hints:
Foothold: Use virtualenv for the exploit POC. That will save you time with incompatible system packages. There are typos in the POC README - just keep focus. Remember that it’s not enough to upload something. You must also trigger it.
Root: Pretty straightforward. If you have a Dali clock that is bent too much, remember that you can do everything on the machine. Use their clock, Luke.

Just got root with some nudges from @trab3nd0 and @LMAY75

Some tips:
Foothold: Find someone else to appraise your jewels. As others have said, the GitHub page is mostly correct, but there is a typo and some encoding issues.
Root: Don’t be afraid of bcrypt! (I normally don’t bother trying to crack them)

PM for nudges but make sure you tell me what you’ve tried

Hey, anyone get this error in the final step at the root?
[ Error “Operation not permitted” while writing config ]

@KareemElsadek said:

Hey, anyone get this error in the final step at the root?
[ Error “Operation not permitted” while writing config ]

Sync your time (your Kali) with the box and you will get it.

Finally, I’ve rooted it. The user part took most of the time and was pretty awesome. No further tips are needed, everything is in this topic. For the root part: the thing you think is a huge waste of time. Well, IT IS NOT a waste of time. Just do it.

@sparrow1 said:

#id
uid=0(root) gid=0(root) groups=0(root)

Very nice machine. I enjoyed every step, even though the foothold was a pretty PITA (especially the payload part). Thanks @LMAY75 for saving my time and confirming what works.

Hints:
Foothold: Use virtualenv for the exploit POC. That will save you time with incompatible system packages. There are typos in the POC README - just keep focus. Remember that it’s not enough to upload something. You must also trigger it.
Root: Pretty straightforward. If you have a Dali clock that is bent too much, remember that you can do everything on the machine. Use their clock, Luke.

Thanks @sparrow1 for saving me.
I’ve rooted it.

It’s not working at all for me.

```
We’re sorry, but something went wrong.

If you are the application owner check the logs for more information.
```

This error pops up on port 8080 every time.

@Spl01ter said:

This error pops up on port 8080 every time.

That’s not a problem at all. In fact, that error is a good sign :wink:

Can someone tell me if my payload is right :blush:

@pizzapower said:

Also, for the foothold, the way I found it was using a website that scans a certain file that is exclusive to the language involved in the blog. It parses the file and looks for vulns.

I found it like 5 minutes after the box was live. I was sure I was going to get blood, and then I had to go to work, and then I couldn’t get my payload to work properly, and then I drank too much.

I thought this was my one chance for HTB glory, because even easy boxes take me like 5 hours, usually, but alas, it was not in the cards, lololol.

I was trying around for hours. This hint helped me get at least the start/user. I thank you so much, this was a pain, lol.

Another good box - again it felt like user was harder than root, largely because I needed to do a lot of tweaking to get it working.

Privesc had a very interesting element - never seen that on a CTF before.

Can anyone give me a hint via DM on how to get the foothold?
I’m pretty sure I am on the right track, however I cannot get my payload to work properly.

@Arestenia said:

Can anyone give me a hint via DM on how to get the foothold?
I’m pretty sure I am on the right track, however I cannot get my payload to work properly.

It depends on what your payload is and how you are trying to deliver it. Assuming you’ve injected via Burp, you may need to refresh the home page to trigger it.

Is there a way to fix this error?
Error "Operation not permitted" while writing config
I have synced my machine to the server but it still won’t work. Tried many things but nothing is working.

@AidynSkullz said:

Is there a way to fix this error?
Error "Operation not permitted" while writing config
I have synced my machine to the server but it still won’t work. Tried many things but nothing is working.

Don’t try to create a new config, but rather use what you already have :wink:

Finally root; this was a great and “lessons learned” kind of box. I spent too much time on the wrong CVE for foothold/user. Lesson learned: make sure you check if the settings match the CVE; if they don’t, it is probably the wrong one, so move on. Regarding root: the tool with the spherical vegetable will not show you everything you need. Make sure you manually double-check the interesting file(s) for creds and don’t be afraid of bcrypt.
Thanks to @TazWake for putting me back on track for root.

Foothold was a mess for me XD

```
root@jewel:~# id
uid=0(root) gid=0(root) groups=0(root)
```

@zaphoxx said:

Finally root; this was a great and “lessons learned” kind of box. I spent too much time on the wrong CVE for foothold/user. Lesson learned: make sure you check if the settings match the CVE; if they don’t, it is probably the wrong one, so move on. Regarding root: the tool with the spherical vegetable will not show you everything you need. Make sure you manually double-check the interesting file(s) for creds and don’t be afraid of bcrypt.

Well actually the exact same tool gave me the interesting file along with its contents. Maybe you need an updated version.

There are a couple of things I don’t fully understand regarding the foothold; I would like to discuss them if somebody is interested.

There were so many points in this box where I thought “hey this is easy!” only to realize I hadn’t figured out the real issue yet. User gave me some trouble with setting up the G** because I barely have any experience with it.

Also had to look at the machine checklist after spending a while on d***.*** to make sure I wasn’t crazy about what I was trying to do.