very nice machine definitely learned a lot
At what stage are you? Seems you have a shellā¦ but youāre probably in the wrong place. Thereās another door, which might seems to lead to the same place, but it leads to a different oneā¦
I have a ssh session with the m*** user
Then linpeas should give you the answerā¦ SUID part.
got the root on whale, but unable to find any way to escape itā¦ can someone give some hintā¦
work out how to use the file in / to your advantage. where are the commands in that file looking, how could you look for something else, or for everythingā¦?
I got the shell and even i know what next to do. how can i edit the file in shell?
Just got the root flag, actually easy in the end. Just pay attention when you land after the container bit. All, very clear from there.
Hello everybody,
actually Iām a little lostā¦ Iām pretty sure Iāve discovered a valid Username/Password-Combination. Now Iām trying to ssh into the host via āssh m******@10.10.11.211ā after a minute without any reaction, it gives me the simple message āconnection closedby 10.10.11.211 port 22ā
I also didnāt get any chance to enter a password, no further hints about the reason for the closed connection.
Does anybody has an idea what Iām doing wrong?
I can reach the host via ping and nmap is showing port 22 openā¦
Any help appreciated
Edit: iāve added ā-B tun0ā in the ssh-Arguments to ensure that Iām using the correct interface. Still not workingā¦
Itās working for me. Does your ssh work with other HTB machines? Is your router/firewall blocking ssh to certain networks/IP ranges? Maybe VPN config?
I have root but there are no flags anywhere?
finally got my initial footholdā¦ I will say to help some other folks that not all POCs are created equal and the exploitdb version doesnāt work out the box I recommend the github version of the poc
Youāre in the wrong place thenā¦
Can anyone dm me for flags, what i am missing pls help.
Can anyone help guide me towards the user flag? Iāve gained a foothold and found the .sh file (and what appears to be useful information), however, I am unclear where to go from here for the USER flag. Any help would be appreciated. Feel free to DM. Thank you!
Thanks for all the tips!
guys im root
but ā¦ where do i find both flags??
the other posts in the thread should give you enough hints, you are not in the right place even though you are root
do some research about the hosted service and learn about what technologies it uses to run, then look for unusual files in obvious places
I think if you think as a matryoshka youāll figure out what happens. Anyway, what you did is not useless.
Owneeeed
for real privesc you need to follow admin hints