Official Monitors Discussion

Type your comment> @h0l1st1c4l said:

hmm, I got a hash, do I need to crack it. seems to take ages with the feline tool. any hints ?

maybe not. focus on my comment before :slight_smile:

the machine seems to shut down continuously, it is normal or is it my problem?

it looks like the box is just getting alot of resets, people prolly thinking the compiling error will go away if they do (it wont) :sunglasses: :

Hi guys got userā€¦ is T****t a rabiit hole or way to go. ?

I have a foothold but cant seem to find anything else useful to get user. I feel like iā€™m missing something easy but iā€™ve been poking around on the box all afternoon and no progress towards reading the user flag.

finally rooted, a big thank for @OldProgrammer for the hint :wink:

Rooted. Another challenging box!

Foothold: enumeration will guide you into the right direction. Youā€™ll need to gather all possible information you can. After moved into other places, again enumeration and google will allow you to gain foot into the box

User: basic enumeration

Root: This required some steps, enumerate everything and ā€œlistenā€ carefully. Google has all ingredients that youā€™ll need.

Thanks for the box!

Very nice box, challenging for me, had some headache with exploiting manually but it was on me. Overall fun time

OK Finally rooted. Root part was fiddly compiler errors etcā€¦and other users leftovers using the generic exploit name,Other than that NIce box.
![Foalma321] (https://www.hackthebox.eu/badge/image/74636)

Wow, this box was definitely a challenge for me. Took me a few days.

Foothold: Enumerate. Once you find it, use it to enumerate even further, and look very carefully, you might miss something important. The last step to get the foothold can be a little frustrating but fight through it because youā€™re almost there.

User: Basic enumeration. If you get stuck, you might wanna try to look for something specific and really ā€œreach outā€ for it.

Root: Be like El Chapo. Dig a tunnel and escape.

Rooted. Very nice box.

Spoiler Removed

Feel free to DM if youā€™re still stuck. > @NO53LF said:

This is a tough oneā€¦ Found initial vuln and creds pretty quick but been going over the FS for a while and found some interesting stuff but still no indication on where to access itā€¦ I see references to Ca*** but brick walled now :confused:

Edit: I found by luck the ci-acc.log and /etc/apa2/sites-av***/mon*****.htb but no alias in there to point to any accessā€¦ not sure what Iā€™m missing?

Type your comment> @ch13fw0tj said:

Feel free to DM if youā€™re still stuck. > @NO53LF said:

This is a tough oneā€¦ Found initial vuln and creds pretty quick but been going over the FS for a while and found some interesting stuff but still no indication on where to access itā€¦ I see references to Ca*** but brick walled now :confused:

Edit: I found by luck the ci-acc.log and /etc/apa2/sites-av***/mon*****.htb but no alias in there to point to any accessā€¦ not sure what Iā€™m missing?

Appreciate itā€¦ Got a nudge from a buddy and got user so on to root now!

I can read files, was able to find the directory of the webserver and read the coig files, got creds to m*l. From this point, I canā€™t find a way forward to create a reverse shell. Nor I can find anything to ssh. Iā€™ve tried everything I know but no luck, and Iā€™m out of ideas now. Someone, please give some hints on how to proceed.

Type your comment> @gs4l said:

I can read files, was able to find the directory of the webserver and read the coig files, got creds to m*l. From this point, I canā€™t find a way forward to create a reverse shell. Nor I can find anything to ssh. Iā€™ve tried everything I know but no luck, and Iā€™m out of ideas now. Someone, please give some hints on how to proceed.

Same here. Interesting but frustrating.

@gs4l said:
I can read files, was able to find the directory of the webserver and read the coig files, got creds to m*l. From this point, I canā€™t find a way forward to create a reverse shell. Nor I can find anything to ssh. Iā€™ve tried everything I know but no luck, and Iā€™m out of ideas now. Someone, please give some hints on how to proceed.

@grokgrok said:
Type your comment> @gs4l said:

I can read files, was able to find the directory of the webserver and read the coig files, got creds to m*l. From this point, I canā€™t find a way forward to create a reverse shell. Nor I can find anything to ssh. Iā€™ve tried everything I know but no luck, and Iā€™m out of ideas now. Someone, please give some hints on how to proceed.

Same here. Interesting but frustrating.

Look for the common files used with the vulnerability. A famous list will help

fell free to Dm me if you are stuck

Wooow that box was really really cool !
It turns out that you donā€™t need the user part to get root. That got me confused for a while as I was walking the root path unknowingly while trying to get user.
There are a lot of steps from recon to root, but except maybe the very last one, everything relies on having your eyes open and asking yourself the good questions. I can honestly say that if you get stuck on this box itā€™s only because you havenā€™t looked at the right place.

That was very enjoyable @TheCyberGeek

Got user, found something potentially promising, but I wonder if this could be a rabbit hole.
Did someone manage to make the exploit for local port 8*** work ? Been trying for some time, but even if the exploits complete, Iā€™ve got no result on my listeners. The clues left in the user directory also seem to point another way, so maybe Iā€™m not on the right track ā€¦

EDIT : Not a rabbit hole, an exploit will work for this service. Now I gotta escape from jail