Official PermX Discussion

Rooted, nice easy box.

Can anyone PM me how you can get admin credentials to the web application w/o getting a shell? (if it is possible)

Hi everyone, I’m new to this world so following a walkthrough. I’ve managed to get a rev shell onto the box, but in the walkthrough the user ran python3 -c ‘import pty; pty.spawn(“/bin/bash”)’ and they didn’t get any error messages. I seem to be getting a few!

Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python3.10/pty.py", line 171, in spawn
    os.execlp(argv[0], *argv)
  File "/usr/lib/python3.10/os.py", line 558, in execlp
    execvp(file, args)
  File "/usr/lib/python3.10/os.py", line 575, in execvp
    _execvpe(file, args)
  File "/usr/lib/python3.10/os.py", line 598, in _execvpe
    exec_func(file, *argrest)

I tried to ignore this step and go on to the next, but when they managed to get into the mysql DB, mine just hung and didn’t show anything, yet they were able to show DB’s.

Any help or a nudge in the correct direction would be appreciated.

It should have worked. Make sure the quotes are like here:
python3 -c 'import pty; pty.spawn("/bin/bash")'

Maybe it was some random error, try resetting the box.

Also you can execute mysql commands without getting an interactive shell:
mysql -u USERNAME --password='PASSWORD' -e 'select 1,2'

Thanks for your help! A reset of the box seems to have solved the problem! I’ve used the same command before and never had any issues. Didn’t think about a reset!

Can anyone help me with the root thing please? It just isn’t coming to me.

If you still need help, you can send me a message.

I can say this box is one of the famous certification exam level for penetration testers. It is easy to find the pathway, but you also have to think of a solution to own the box.

What a simple fun box.

I’m right at the end but I can’t get root.
“Sorry, user mtz is not allowed to execute ‘/usr/bin/su’ as root on permx”. If anyone could tell me where I’m going wrong it would be appreciated.

I got the sub-domain and a POC for a revshell foothold.
Then I’ve been going through the Linux Privesc academy modules many times already.
Can’t even get a user flag. :joy:

Got the sub domain but I just can go there

Did you add it to /etc/hosts on your machine?

Okay, now I’ve got working ssh creds for another login and the user flag.
After letting GPT explain the script, it only works with an actual file.

Hello, have you managed the user flag? I am in the privilege escalation at the moment!

Stuck in the same place, I have tried several things… I will keep trying!

I’ve rooted the box last night. Needs some refreshing on Linux during privesc.

So the symlink is not worth keep trying?!

I’ve been stuck on this lab for a few days and can’t even get the first flag. I feel like I’m missing something very obvious. I accessed the permx.htb (eLearning) page but none of the links lead anywhere. I used gobuster and found some directories. I’ve looked through the page source and looked through the files from the located directories but I’ve been unable to move any further for days now. I can’t locate any subdomains or user credentials. Any hints would be greatly appreciated. I thought I might find something in the lib files but haven’t found anything.

Cool box, especially the root part, which taught me new things :slight_smile:

I’m stuck: I found a subdomain and many folders in this subdomain. I found some information, probably for later use, but nothing else. I searched for some CVEs, but I was not able to make them work.
Can someone help me?