Official Schooled Discussion

Reddsec · April 7, 2021, 8:48pm

So following a certain PoC to the letter, teach gets upgraded with the additional role, but student doesn’t. I could use some help figuring out why I do not get the same results. any help would be appreciated.

EDIT - figured this out. long road root but learned a ton!

RageWire · April 7, 2021, 8:58pm

Type your comment> @sicario1337 said:

(Quote)
I face the same at times when trying to do it on beta version… try on HTB Classic… I just submitted mine and it was accepted

Finally got that sorted out. The new htb was keeping parts of the server info from when it was in RA and it was moved to open lab while I was using it.
I used classic and re-rooted in 5 min. Yay.
Now it’s interesting that htb beta shows me having unobtaium as active despite it not being released yet. It has the same IP as schooled did when in RA.

rubenix · April 7, 2021, 9:29pm

x** is a rabit hole???

Reddsec · April 7, 2021, 9:50pm

Type your comment> @rubenix said:

x** is a rabit hole???

It is not.

TGRHavoc · April 7, 2021, 10:05pm

@Reddsec said:

EDIT - both teach and myself are M, but no S.A? am I on the wrong path?

I don’t know if you’re on the right path (I’m just a little bit further than you it seems) but, there’s deffinitly a way to upgrade your M account to a S.A account with the current, limited privileges you have.

Reddsec · April 7, 2021, 10:59pm

Type your comment> @TGRHavoc said:

@Reddsec said:

EDIT - both teach and myself are M, but no S.A? am I on the wrong path?

I don’t know if you’re on the right path (I’m just a little bit further than you it seems) but, there’s deffinitly a way to upgrade your M account to a S.A account with the current, limited privileges you have.

Yeah, I figured it out finally. i have what I am looking for now I believe!

cm359 · April 8, 2021, 11:58am

Got the ml hh and fed it to jo*. Still running after like 20 minutes with RU. Is it a rabbit hole?

Edit: nevermind, just finished
Edit2: nevermind2, root was the easiest part, foothold was frustrating

TGRHavoc · April 8, 2021, 1:09pm

Managed to root it last night… Took a while and I definitely learned a lot.

Going from user to root was definitely new to me and I learned a fair bit about this type of crafting. Foothold was frustrating for sure, but satisfying when you get it.

Stimpie · April 9, 2021, 12:10pm

Struggled quite a bit on root so my 2 pennies:

Figure out what you can run as a privileged user
Figure out how to create your own p********s with that.
Here was my struggle: Don’t copy paste from google. After I manually typed everything in it worked ------>That’s a nooooob moooove!
Run it as privileged user.

baitin · April 9, 2021, 2:01pm

can i get a nudge on getting user

R3s7D0ne · April 9, 2021, 3:25pm

Finally obtained user flag. good steal, good SA, good john, lesson learnt

levanto · April 9, 2021, 6:56pm

.

sicario1337 · April 9, 2021, 8:39pm

Type your comment> @baitin said:

can i get a nudge on getting user

Just basic enumeration is enough… keep in mind, folder structure in a bit different

dragonista · April 10, 2021, 1:00pm

Well… Up to the root part, I was fine. I struggled a bit because even though I had the correct vulnerability, I wasn’t using it on the right place. I like this kind of attacks, it’s realistic and I find it to be somewhat elegant if done right.
The root part… Well, I hate *BSD. Everytime I have to deal with it I feel like the documentation is awful. With that being said, it turns out that I had found the solution pretty early on but probably made a mistake implementing it. Seeing that didn’t work as expected, I moved on to other ideas and wasted quite a lot of time, fortunately @TGRHavoc put me back on the right path and it was just a matter of minutes before getting that golden shell root I was craving for Sooo yeah, really regretting not logging my inputs here, as I’m really curious why that didn’t work the first time.
Thanks also to @sicario1337 and @clure for their quick answers and trying to help me

By the way, am I the only one who had a really bad time on the last step to user ? I had between 30 and 90 seconds to figure out something before I had to start the process all over again because my RCE was destroyed.

thecog · April 10, 2021, 2:01pm

This was abnormally hard for me, since I did not expect HTB boxes to have the functionality that this one did. XSS is actually feasible this time!

theogenes · April 10, 2021, 7:27pm

Foothold: If you found a video then also look for the associated g**h**.
The video I used quickly skimmed over an important part. Making me think I was in a rabbit hole when I wasn’t. Thanks for the hints.

User: Look around first before trying to upgrade your shell, you might find some useful stuff. You will find some other good stuff in that general area.

Root: Takes like a minute if you look in g***b***. By far the easiest part.

sk1dy · April 10, 2021, 9:39pm

am trying to open account but it says This email is not one of those that are allowed
any hint ?!!

foalma321 · April 10, 2021, 10:36pm

Type your comment> @dj3bb4ran0n said:

am trying to open account but it says This email is not one of those that are allowed
any hint ?!!

tried @student.schooled.htb

foalma321 · April 10, 2021, 10:37pm

Rooted at last.Root part by far the easiest after a painful foothold part.

sk1dy · April 10, 2021, 11:57pm

Type your comment> @foalma321 said:

Type your comment> @sk1dy said:

am trying to open account but it says This email is not one of those that are allowed
any hint ?!!

tried @student.schooled.htb

yes i visited this one and i tested the email that mentioned there and still getting same message i even tried [teachers’s name]@[nameofthebox].htb but still getting same message