Official MonitorsTwo Discussion

Ori · May 11, 2023, 2:16am

very nice machine definitely learned a lot

BuZuS · May 11, 2023, 5:26am

At what stage are you? Seems you have a shell… but you’re probably in the wrong place. There’s another door, which might seems to lead to the same place, but it leads to a different one…

mrZapp · May 11, 2023, 4:24pm

I have a ssh session with the m*** user

BuZuS · May 11, 2023, 4:50pm

Then linpeas should give you the answer… SUID part.

DeeKay911 · May 11, 2023, 10:34pm

got the root on whale, but unable to find any way to escape it… can someone give some hint…

rancilio · May 12, 2023, 6:20am

work out how to use the file in / to your advantage. where are the commands in that file looking, how could you look for something else, or for everything…?

machliManav · May 12, 2023, 6:34am

I got the shell and even i know what next to do. how can i edit the file in shell?

tactinix · May 12, 2023, 8:43am

Just got the root flag, actually easy in the end. Just pay attention when you land after the container bit. All, very clear from there.

mweber · May 12, 2023, 1:20pm

Hello everybody,
actually I’m a little lost… I’m pretty sure I’ve discovered a valid Username/Password-Combination. Now I’m trying to ssh into the host via “ssh m******@10.10.11.211” after a minute without any reaction, it gives me the simple message “connection closedby 10.10.11.211 port 22”
I also didn’t get any chance to enter a password, no further hints about the reason for the closed connection.
Does anybody has an idea what I’m doing wrong?
I can reach the host via ping and nmap is showing port 22 open…

Any help appreciated

Edit: i’ve added “-B tun0” in the ssh-Arguments to ensure that I’m using the correct interface. Still not working…

BuZuS · May 12, 2023, 2:00pm

It’s working for me. Does your ssh work with other HTB machines? Is your router/firewall blocking ssh to certain networks/IP ranges? Maybe VPN config?

cherrypine · May 15, 2023, 11:48am

I have root but there are no flags anywhere?

404ghostie · May 16, 2023, 2:05am

finally got my initial foothold… I will say to help some other folks that not all POCs are created equal and the exploitdb version doesn’t work out the box I recommend the github version of the poc

BuZuS · May 16, 2023, 6:43am

You’re in the wrong place then…

s4kura · May 16, 2023, 1:08pm

Can anyone dm me for flags, what i am missing pls help.

rgrimm8 · May 17, 2023, 5:23pm

Can anyone help guide me towards the user flag? I’ve gained a foothold and found the .sh file (and what appears to be useful information), however, I am unclear where to go from here for the USER flag. Any help would be appreciated. Feel free to DM. Thank you!

Koz · May 18, 2023, 3:39am

Thanks for all the tips!

untyp · May 18, 2023, 4:54am

guys im root
but … where do i find both flags??

otter · May 18, 2023, 7:42am

the other posts in the thread should give you enough hints, you are not in the right place even though you are root
do some research about the hosted service and learn about what technologies it uses to run, then look for unusual files in obvious places

darvidor · May 18, 2023, 8:08pm

I think if you think as a matryoshka you’ll figure out what happens. Anyway, what you did is not useless.

Ko0fash · May 19, 2023, 11:47pm

Owneeeed

for real privesc you need to follow admin hints