guys trying to get into root if i type “sudo -l” i get the following issue, with all the 3 users wwata , jy and J*****a
$ sudo -l
sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
sudo: unable to initialize policy plugin
Any help for this issue? pls ping me if you have any info, thank you in advance
@theLorD said:
still in the low-priv shell and just got the mi credential in the d***_s*******.i**.p** file, but cannot connect to that service… am i on the right path?
yes
@wsurfer said:
guys trying to get into root if i type “sudo -l” i get the following issue, with all the 3 users wwata , jy and J*****a
$ sudo -l
sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
sudo: unable to initialize policy pluginAny help for this issue? pls ping me if you have any info, thank you in advance
reset the box
Got user 1. Would be able to get user 2 if people didn’t keep resetting the box haha
Best advise I can give on the first part - it’s easy to over-think it or over-complicate it. Enumerate well and don’t dismiss something that looks important. Remember that the weakest link is the user.
I got the RSA key through curl for user2 but unable to crack with john…help appreciated
Pretty fun box, and the first I was able to do in a few hours. Was really dumb on user, answer was staring me in the face the whole time.
Any nudge would be way cool. Got user 1 ok, got user 2 ok, and for some reason I hit a wall with root. It looks like it should be straight forward. I checked j******a’s privs, and it looks like I should be able to use nn to get some joy, but it says the file is not found. It doesn’t say I don’t have permission, just that it isn’t there. GTFO B, I have tried every thing in there multiple times, and also no joy. I have even copied and pasted exactly to make sure I am not fat fingering it. Am I barking up the wrong tree here? did someone hide the flag? any help would be super appreciated. Thnx
Type your comment> @BlackCYCLOPS said:
Any nudge would be way cool. Got user 1 ok, got user 2 ok, and for some reason I hit a wall with root. It looks like it should be straight forward. I checked j******a’s privs, and it looks like I should be able to use nn to get some joy, but it says the file is not found. It doesn’t say I don’t have permission, just that it isn’t there. GTFO B, I have tried every thing in there multiple times, and also no joy. I have even copied and pasted exactly to make sure I am not fat fingering it. Am I barking up the wrong tree here? did someone hide the flag? any help would be super appreciated. Thnx
Same here. I think we can root it once we can do it. Tried GTFO and it gave wt I expected if I can pass through the permission issue. Hope if someone can say "On not permitted" is expected with ja.
I have j****a and I did the sudo thing but when I try to run those things it’s asks me for a password. Can someone give me a nudge?
Figured it out. Anyone who took an alternative route I would love to hear how you did it. I am new and would love to read other peoples methodologies.
rooted.
turn out johny is much more speedy than some single threaded py script i google… . Learn a new thing about web server module and a few tricks on enum. GG.
======================
Hi,
I run into the issue of setresuid(0, -1, -1) when running a reverse shell session from j*a . Am i supposed to crack the passphrase for her ssh account and privesc via ssh connection? If i login with jy, sudo command seems to work fine without the error below. …
sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
sudo: unable to initialize policy plugin
ps:i have tried reseting the box
uid=0(root) gid=0(root) groups=0(root)
Feel free to PM if u want some hints. I found what I miss but I dont know why. I wish someone who can discuss with me abt it.
This is a fundamental box which should be kept live all the time for beginners like me. I am not experienced pentester but I can feel it is intended to be “standard”.
Thanks @SamTheSapien for confirming the direction.
Rooted! It was an easy but fun machine. I’m available for nudges, if you need a little help, PM me.
@BlackCYCLOPS said:
, but it says the file is not found.
It kind of depends on how you are issuing the command. It shouldn’t say this if you’ve used the string correctly. Most times I’ve seen it people are trying to add or remove something from the command they can issue.
However, as with everything on this box, it is possible that some clown has decided to break it to stop others progressing.
@4an7o said:
Same here. I think we can root it once we can do it. Tried GTFO and it gave wt I expected if I can pass through the permission issue. Hope if someone can say "On not permitted" is expected with ja.
When its works, it is trivially easy. The command sequence drops you into a root shell quite reliably. Most problems are it producing a low priv shell or asking for a password. Both result from a slight error in how it is invoked.
@xformer1337 said:
Hi,
I run into the issue of setresuid(0, -1, -1) when running a reverse shell session from j*a . Am i supposed to crack the passphrase for her ssh account and privesc via ssh connection? If i login with jy, sudo command seems to work fine without the error below. …sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
sudo: unable to initialize policy pluginps:i have tried reseting the box
A lot of it depends what you are trying to achieve here and how you have a reverse shell running as that user.
If you’ve been able to gain access to that account, it is significantly easier to have ssh’d in. Then you can use what is effectively a living off the land type attack.
looks like someone has trashed the box.
uid=0(root) gid=0(root) groups=0(root)
Sun Jan 19 20:16:07 UTC 2020
A great mix of cve and crazy sysadmin 
2nd user was hardest for me- way overthinking things and didn’t use what I already had for days… Enumerate, pay close attn to what you’ve found and how to use it and keep going, it’ll be grand
Huge thanks to @TazWake and others for the subtle hints and encouragement in this thread. Keep at it and all the pieces will come together. Thanks also to htb and the people that put the time into setting up and submitting the boxes.
And please stop resetting the boooooxxxxx…!!! lol
So pretty sure I know how to priv esc from user2, but the box seems messed up and though I tried to reset it, it still says last reset was 9 hours ago. 
If someone can give a nudge. I have GTFO, but keep getting passwd prompt.
@50m30n3 “context is everything”, what is run and how is important (and the right gtfo for that scenario). keep at it, you are almost there