You should to add to the /etc/hosts file like 10.10.10.10 lala.htb
Itâs indeed not a default installation⌠Enumeration is key just keep looking. PM 4 nudge
â â â â i donât understand anything else
Can anybody dm me with a nudge for privesc please? Iâll let you know what Ive already tried
PM me if you need a nudge, but above hints are already there.
Enumeration and researching what you find is all you need. For both user and root you just need to think about what youâve found and how that can help you move on.
LOVED this box. It made me laugh in some many places too. Great work @secnigma
foothold
- broaden your repertoire of scanning tools as mentioned. I might have gotten too used to scanning for dirs but not paying too much attention to other valuable data the server might have for me
user
- youâll need a little bit of elbow grease on this one but follow the bread crumbs and use the right tool for the job. It takes patience but its worth it. Make your little guest talk, quite a lot. This is the cyber version of leaving something very important in a post-it-note?
root
- enum enum enum, one of the most basic steps will get you there.
this box was a real treat. the biggest hints are spelled out for you there, not here. at every step the right tools will tell you everything you need to know.
As an Office fan I loved this machine. I loved how you put little dialogues for every character. I was expecting a password somewhere to be âthatswhatshesaidâ ngl. The user was fun, it was a combination of enum, exploit and attention to detail. Great work @secnigma
Can somone pm me need help getting root flag
already chatting at this point, any hints? trying to cat the obvious identification file but the target folder looks empty
any nudges for privesc? Iâm stumped.
can you give me a hint on priv esc?
Rooted!
Awesome box! super fun! Thanks @secnigma !
Foothold: remember to run all the tools!
User: everything you need is in chat just need to go back once!
Root: took me while to get root, to be honest I just blindly tested a newish exploit and it worked. lol
Pm me for any help.
Thank you for your kind words.
Glad you guys liked the box!
@Evo9 @TuxedoNetcat @can @mirutanku
Rooted! A few tips from me:
- User: Initial step involves a bit of enumeration. Keep your eye out for something that is non-default. Then, follow the breadcrumbs. Just because someone says itâs secure, doesnât mean it is.
- Root: Update linpeas.sh!
Very fun box and learned a good bit!
User: Figure out exactly hu youâre talking to and what they can do
Root: New stuff is your friend
Feel free to reach out if you need help
Also⌠almost died laughing when logging in as clops. Thanks secnigma
Finally rooted!
Awesome job @secnigma and thank you for this fun box, Iâve learnt a lot!
Some quick tips for those stuck:
- Foothold: enumerate well, donât throw just the basics
- User: look deep on what is making the machine vulnerable
- Root: be up to date!
Can anyone PM me a hint for getting a foothold please? Iâve tried all the hints in the thread but I canât seem to get anywhere.
thanks for the new tool
Very fun machine with laughs along the way.
I did have more trouble than I care to admit with rooting the box. It seemed like I had a âshot clockâ for the last few commands before a previous change was reverted. Maybe it was just a quirk of the timing.
Thanks, @secnigma !