Official TheNotebook Discussion

Type your comment> @Timsu said:

Currently stuck at foothold sadly. Found an interesting thing. Tried a various ways to pass the gate with it, but still couldnt get anywhere. Any nudges will be appreciated.

Why don’t you HMU in the DMs with what all have you tried?

Great box, thank you :slight_smile:

This was a fun box. Thank you to those who helped!

Don’t over think things, and remember to read the source code of your exploits so you don’t look like a fool!

Great Box Thank You

whoami && hostname && id
root
thenotebook
uid=0(root) gid=0(root) groups=0(root)

This was a fun box! Root took me a while.

Foothold: No reason to be a brute. Just offer polite assistance.
User: You don’t need hints from me for this.
Root: Can’t make an omelette without breaking some eggs. There are good recipes online. Don’t overthink the way into the hen house.

Nice box, very good to mess with stuff that i never did before!

Foothold: Well, a must check pentesting procedure should lead you there. If you never messed with it (like me) search for that typ key :slight_smile:
User: Did you checked everything before getting the foot in? there might be a good lead in the panel (dont need scripts at all)
Root: The typical command as a “shell pops” might be sufficient to guide you.
If you cant find a way into it, check the machine matrix, it should lead your research a bit. And, as someone said, dont execute things without (at least) looking at them

If needed, just PM for HELP (not solutions)

Rooted, funbox thanks to @clure for the foothold pointer.

I found the root part of this box to be very exciting for some reason ^^
I lost quite some time because even though I had found the correct vuln pretty quickly (like it’s hard not to stumble upon it), I assumed it wouldn’t be it because I thought HTB didn’t want this kind of thing. But I eventually decided to give it a go and… yeah, w00t w00t !
Thank you @mostwanted002

Thank you @mostwanted002 for the box really enjoyed it. I went around the houses and down a lot of rabbit holes but got there in the end and learnt so much (and a lot of extra stuff for future boxes with different vulnerabilities! :wink: ).

And Thank you @clure for letting me drag you around the houses too, your hints were top notch, much appreciated!

Rooted! Nice machine! Thank you! It was a little heavy for me as I did not have previous experience with the attack vectors.

My hints:

Initial foothold: check how the application works. Basic enumeration should lead you to change what you need to get access.
User: pretty basic enumeration too. If you’re stuck check for hints on the application posts.
Root: this one took me some time. Basic enumeration should give you what you need. What is a bit tricky is to research for what will help you get root and make it work.

Hi guys, good afternoon! I’m stuck on the w part and for some reason I can’t get a request to my local webserver to get the file (the w is fine and poiting to http://MYIP:7070) but I can’t see any requests from there: “Serving HTTP on 0.0.0.0 port 7070 …” Could someone shed me a light? Thank you!

Finally rooted!!! nice machine.
The foothold and root part took me some time but it was worth it.

Very nice box! The foothold took me the longest as I wasn’t familiar with the technology.

You should be able to root it with the hints from the last couple pages but feel free to PM if you need a hint. Just let me know what you’ve tried until now.

Thank you, @mostwanted002 for a really fun box!

Foothold and root both took me ages, but the “light bulb” moments were very rewarding.

foothold and user were relatively straightforwarded. but now i am stuck on root. I think i got the right path but would like to check with someone if I am on the right track as I couldnt get a shell back yet with the exploit I am trying to use. pls pm me.
rooted: took me a while to understand how this works and to get the exploit to work properly. thanks @xDragon for resolving an issue with the final exploit.
funny thing … just learned the things I needed for foothold/user last week … and what I learned for root I can apply to a current running pentest. So this is was a full on machine experience. well done … :smiley:

finally get root shell.
DM if you are really stuck

Found the way to get the PE (100% sure, proved in the HTB Discord that it’s the one) - but it does not work. Like it’s runs but nothing happens.
Thought I’ve broke the way on the machine - even restarted it.
But after I’ve mentioned, that it fixes itself.
Tried to be “faster” - same result.

Does anybody encountered such problem?

@spellanser said:

Found the way to get the PE (100% sure, proved in the HTB Discord that it’s the one) - but it does not work. Like it’s runs but nothing happens.
Thought I’ve broke the way on the machine - even restarted it.
But after I’ve mentioned, that it fixes itself.
Tried to be “faster” - same result.

Does anybody encountered such problem?

Are you running two sessions? The approach needs the exploit running in one, while you “exploit” it properly in the second before the first one finishes.

Type your comment> @TazWake said:

@spellanser said:

Found the way to get the PE (100% sure, proved in the HTB Discord that it’s the one) - but it does not work. Like it’s runs but nothing happens.
Thought I’ve broke the way on the machine - even restarted it.
But after I’ve mentioned, that it fixes itself.
Tried to be “faster” - same result.

Does anybody encountered such problem?

Are you running two sessions? The approach needs the exploit running in one, while you “exploit” it properly in the second before the first one finishes.

Yeap, I’m running in two sessions.

Type your comment> @spellanser said:

Type your comment> @TazWake said:

@spellanser said:

Found the way to get the PE (100% sure, proved in the HTB Discord that it’s the one) - but it does not work. Like it’s runs but nothing happens.
Thought I’ve broke the way on the machine - even restarted it.
But after I’ve mentioned, that it fixes itself.
Tried to be “faster” - same result.

Does anybody encountered such problem?

Are you running two sessions? The approach needs the exploit running in one, while you “exploit” it properly in the second before the first one finishes.

Yeap, I’m running in two sessions.

Damn it, I’m an idiot. Found my mistake.

Hint: remember, that then you remove file on Linux, which is used by a running process, it will not be removed. It’s inode still there.