Hello! I have rooted this machine but I have problems with flags. When I try to submit a flag (user or root) it says “Wrong Flag”. I have also rooted 6 other machines and this is the first time I get this error. I am sure I have the correct flags and I am sure i do the “copy-paste thing” correctly. Anyone else has this problem? Tried to reset the machine but problem still persists 
I found some backup files and I have read those file. But I have no idea what to do next. Am I missing something? Or I am on the wrong track?
Hello, I was able to crack the hash with a custom script and the rockyou.txt list. I did several try with John and hashcat but I was not successful. (but I was able to crack my own password with john). Can someone help me to understand what went wrong? Thanks
Type your comment> @andy0963 said: > I found some backup files and I have read those file. But I have no idea what to do next. Am I missing something? Or I am on the wrong track? reading these files carefully will let you find something interesting that you could exploit. however it is not necessary. I first got user and then I read these files and I was like “oh thats why my attack worked”
@reflex I also can’t submit the flags. Always reports as incorrect.
best hint: DO NOT TRUST BROWSERS!
I get trust issues 
Question!! This is not a hint or a nudge or anything so move along unless you finished Hello! having fun with this box but have a learning question - why can’t i ‘cat’ myself? Shell session x closed Played with many payloads (if i didnt play with enough please just tell me 
Dont want to “pipe” the answer ( this wasnt my instict, and trying to understand) Why must i smoke this file in my pipe? its making my toes ‘curl’ in a bad way. I want to use my own commands!!! <3 Thank you
Rooted! Thank you everyone on here for all of your hints. You really helped out a “newguy” like me. I learned so much! User1: Don’t just trust your browser. User2: Make sure no one gets sick. Then heed John’s warnings. Root: Blaze your own trail If anyone needs hints, I can try my best to help! DM me.
Fun box, it fits right into easy boxes, with a pretty classical way of doing things. That being said, the the user part that got me stuck for a while due to encoding issues. How did you guys manage to get that right ? I had to install Gedit to open the file, copy/paste the relevant part and save it in a way hashcat would understand. Neither Vim nor Sublime worked. Thank you @m4lwhere !
I worked it out right up until the user.txt, im new this ;-;, I ran s****l command and found out what runs, but i just can’t find a way to alter that file, someone please gimme a nudge T__T
Type your comment> @theblank7 said: > I worked it out right up until the user.txt, im new this ;-;, I ran s****l command and found out what runs, but i just can’t find a way to alter that file, someone please gimme a nudge T__T UPDATE ---------------- @dragonista nudged me in the right direction and now i have root access ???. Once again TY @dragonista . And thank you @m4lwhere for the fun box 
Got root! Pretty easy box all things considered. Getting foothold is a case of **read whats given to you**, escalating to user was the biggest pain because it was being awkward. Root was extremely easy actually.
Hi. I’m stuck at step after I got into web UI. Now trying to inject code in login.php to read passwd file. Am I in right direction? Could someone give me a hint?
Hi Everyone, Started this box yesterday and have managed to get user cred’s. But really struggling with the hash like alot of others? I’ve got the correct hash, tried J & cat but no matter how I change the syntax always get Token Length Exception. Tried messing about with the hash & changing bits but running out of options and still get same message. Would someone be able to help please? Thanks
Type your comment> @Monicon said: > Hi Everyone, > > Started this box yesterday and have managed to get user cred’s. > > But really struggling with the hash like alot of others? > > I’ve got the correct hash, tried J & cat but no matter how I change the syntax always get Token Length Exception. > > Tried messing about with the hash & changing bits but running out of options and still get same message. > > Would someone be able to help please? > > Thanks Thanks for the htb community on this one - I’ve now completed this box - fully rooted. I did have trouble with the hash section but kudos to m4lwhere for giving me a helping hand.
pwned. A fun machine, thanks @m4lwhere for creating it. Though I think there already have plenty of hint in this discussion. I’ll still provide some hint using my own experience on this machine. User1: Your browser can fool you. It might have done something for you and you don’t even noticed. User2: Reading is important, especially when you have access to some sensitive file. root: A simple privilege escalation will be enough. Thanks to @reflex for reminding me reading is important. I could not believe I missed it in the first place. Also huge thanks to @dragonista who helped me on my foothold. Although it turns out is I have made a simple mistake so I could not get to user2.
how to get shell bu using OS Command Injection ?, it doesn’t work for me
If anyone used windows to use the cat I would love to know more about how you got that to work. Could get it to work in a Kali vm no problem just took quite a while, would have much preferred to use my gpu.
Some tips and tricks: 1. Find open ports 2. Browse around using your favorite proxy tool 3. Figure out how to create an account with the application functionality (tamper) [Foothold] 4. Get the backup files 5. Mental note on the configurations 6. Read all backup file code. One file runs machine code. 7. Exploit that entry point. Tip: a. What language do I use? b. No spaces [User 1] 8. What can you use from step 5? What services are running locally? Tip: If you don’t get output ‘exit’. 9. Get the credentials and identify the hash. 10. Crack it. I couldn’t with the cat but my main guy did it in 16 minutes (Kali VMware 1 CPU 4GB RAM). Tip: Use the biggest word list you have. [User 2] 11. Use a better shell. 12. What can you run as sudo? 13. Read the program and figure out what it does. Tip: a. How does Linux differentiate extensions between a program vs text file? b. Experiment in the correct directory [Sudo]
1 Like