Official Pit Discussion

Had to get quite a few nudges on this one, but finally rooted it. Definitely learned a lot about the protocol, but I think it will take a bit more studying to actually “understand” all the pieces. Feel free to message me for nudges.

Type your comment> @luckythandel said:

I know what I am doing to achieve the root, but I don’t know what is missing here.
I have written script to run (where I cant see it) and I am triggring it with walking.
but it doesn’t seems to work. not even echo command into some file.
By the way, this might be an hint for some others.

2 things, check your filename, and if on your own box like kali, you may need to setup your M**S. Can DM if you need help. :slight_smile:

Type your comment> @jps3 said:

Can get a foothold, albeit briefly. Seems somewhat random when cut off and have to re-do it. Spending a lot of time trying to figure out how to maintain a foothold session to do any recon … any little tips for this?

if you have RCE, try looking for some config files, maybe there is some password reuse type stuff you could try if you had db creds.

Hi,
I need some help with the RCE to get the foothold. I can upload file, but I have problem in executing it.

I’m almost the> @Niotop said:

Hi,
I need some help with the RCE to get the foothold. I can upload file, but I have problem in executing it.

check the availability of the folder d*** from initial

Finally rooted. This was an interesting box because it pushed me to study a protocol that honestly I know too little.

Foothold/User: The big hint was in the twitter account of HTB. Once you understand what the main purpose of the box is, enumerate (google will help you out). Enumeration will lead to the main entrance. Look beyond what you see! You will then move to another place that’ll give foot in the box.

Root: Initial enumeration (in case enumerate again deeper) will let you know there’s something worth investigating. Once you spot it is a privilege escalation classic, minus the fact that the triggering point is a bit different (bear in mind the main theme of the box).

A good “walk” sometimes can clear you mind.
Thanks for the box!

Done. Took me longer than it should have due to a typo near the end. Like others above I learned a lot about a protocol I hadn’t used much before. It was also cool to see one of the classic exploits come back with a new twist.

Thanks @polarbearer and @GibParadox for a fun box.

The hints just before this from @alemusix are pretty good. But if you need more help feel free to PM.

Hey, can someone please explain me the last part of the root? I think i got the root with the help of another guy exploiting stuff…

Finally got rooted !!! Difficult box I think…

I’m a noob. Don’t have been able to find anything useful on s*** protocol. I activated full descriptions. I know of c**t daemon but I believe it’s for root part. I think I have to catch credentials on that damn s thing… :neutral: or get a shell with execute command but I had no luck.

@dylvie if you need help dm me.

Does anyone else experience strange timeouts while walking? I’ve asked some friends and they were able to walk much furher than me without any timeouts. I’ve also tried restarting the box (VIP+) and using three different vms/os - always the same problem.

I haven’t had issues with timeouts but I have burned a tonne of time trying to understand what to do. I can scan and see a vulnerability for pp-f** on n**x but can find no place to attack with that. Otherwise - I am totally stuck. If anyone has a nudge I’d be really grateful.

Type your comment> @todd112 said:

I haven’t had issues with timeouts but I have burned a tonne of time trying to understand what to do. I can scan and see a vulnerability for pp-f** on n**x but can find no place to attack with that. Otherwise - I am totally stuck. If anyone has a nudge I’d be really grateful.

have you take the walk ? And if so, didn’t you see something interesting ? (make sure to note every notable info). You can pm me if you need more help

start root part now,
PM for user part help

Rooted at last , enumeration of the walk will give you what you need for foothold.
Root was a pain as kali missing a vital part of the walk (i.e M**S) once installed root part was smooth enough.Quite a hard box for a medium but learnt a bit so all good.
![Foalma321] (https://www.hackthebox.eu/badge/image/74636)

Need a hint for root if anyone can help. Been trying to execute a script using s******k but I don’t think it’s executing as I can’t ssh in after. Any tips would be welcome!

Type your comment> @3ctr1x said:

Need a hint for root if anyone can help. Been trying to execute a script using s******k but I don’t think it’s executing as I can’t ssh in after. Any tips would be welcome!

Make sure script is named properly. And if you are using your own attack box, you will might need to download M**S. Or you may need to look at the nsExtendObjects or something.

I think that my walk doesn’t go as far as it should. Anyone else having the same problem? I’m on VIP+. Who can I PM to show my results and see if indeed my walk is short?

Type your comment> @subtilis said:

I think that my walk doesn’t go as far as it should. Anyone else having the same problem? I’m on VIP+. Who can I PM to show my results and see if indeed my walk is short?

you need to walk thoroughly, you will miss something if you only do casual one.