OpenAdmin

@50m30n3 said:

Password prompt is prior to GTFO.

Depending on the wording of the message, it can be easy to troubleshoot.

If it is on launching the command (not the GTFO sequence), the command hasn’t been entered correctly.

If it is on connection, the identity file hasn’t been used correctly.

If it is on opening the identity file, it’s the wrong password.

Based on this, I’d say if you are getting the password prompt when you try to launch the command you want to GTFO out of, the chances are you’ve deviated from the syntax in the file you looked at to get the command.

I have to thank TazWake for that last push. First box rooted. Thank you to everyone who put tips and suggestions in this discussion. This was a great beginner box and I look forward to learning more as I move forward to other boxes.

First time getting root, feels good :slight_smile: Feel free to message me for a nudge!

@Eelz said:

First time getting root, feels good :slight_smile: Feel free to message me for a nudge!

Can you give me some hints?

@tj0 said:

alright, this was not a particularly difficult box.

Foothold: find the vulnerable service, Google-fu
User 1: it’s right in front of you, don’t over think
User 2: pay attention to what you’re given
Root: Simplest priv esc yet on HTB

Overall a fun box. Quickest own yet for me personally.

I’m pretty much new, can you please elaborate?

Bashing my head against the wall. Have found i*****l and the interesting scripts. I understand what they do. How the ■■■■ do I use them/call them? Attempting to activate them directly causes the cat inside to fail due to permissions, while curling every webpage and file path that I can find results in no progress either due to either not finding the .pp files or not working on a given webpage. Calling them directly on a web console on all five subdomains also fails.

My vague understanding is that if I curl a PT with username jy and password Rd then it spits out a key for j****a at me. Either I suck at curling or I’m aiming at the wrong place - probably both.

I can’t find the login page that these scripts are supposedly based on either, so even when I am curling I’m not even convinced that I’m doing it right.

Any help? Particularly on the front of where the heck I point this thing. If it’s too spoilery for the thread then please PM.

Edit: @deathgosh I’ll assume you’re stuck right at the start. You need to start with scanning the box as usual, see what services and ports are up. Once you have that, you’ll need to dig into those a little closer to see if there are any parts or hidden pieces of those services that have something unusual that you may be able to exploit. Keep searching around until you find something strange, then plug it into google to see if there is a CVE for it.

Finding the thing you need to exploit is simply a matter of finding the correct tools - very little manual work to be done, if you are struggling then you are using the wrong tool.

samdtyler maybe check with the indian if you’re doing it at the right place?

When I have curled and got the key for j****a, John’s friend says that it is not a valid key file? I think I am looking at the right place, with the correct friend of John’s, but I don’t get why he is complaining. Any nudge?

EDIT: wow, after looking at John’s friend’s script I saw my error, I had missed a dash when copying…

@samdtyler said:

Bashing my head against the wall. Have found i*****l and the interesting scripts. I understand what they do. How the ■■■■ do I use them/call them? Attempting to activate them directly causes the cat inside to fail due to permissions, while curling every webpage and file path that I can find results in no progress either due to either not finding the .pp files or not working on a given webpage. Calling them directly on a web console on all five subdomains also fails.

My vague understanding is that if I curl a PT with username jy and password Rd then it spits out a key for j****a at me. Either I suck at curling or I’m aiming at the wrong place - probably both.

I can’t find the login page that these scripts are supposedly based on either, so even when I am curling I’m not even convinced that I’m doing it right.

Any help? Particularly on the front of where the heck I point this thing. If it’s too spoilery for the thread then please PM.

Edit: @deathgosh I’ll assume you’re stuck right at the start. You need to start with scanning the box as usual, see what services and ports are up. Once you have that, you’ll need to dig into those a little closer to see if there are any parts or hidden pieces of those services that have something unusual that you may be able to exploit. Keep searching around until you find something strange, then plug it into google to see if there is a CVE for it.

Finding the thing you need to exploit is simply a matter of finding the correct tools - very little manual work to be done, if you are struggling then you are using the wrong tool.

I have sent you a private msg, let’s discuss there.

stuck at same place as @samdtyler between user1 and user2. Found the files in I****l directory, cracked what I needed from m.p. Noticed the creds need to be sent somewhere but every combination of curl commands I’ve tried have been unsuccessful. Would appreciate a nudge or some guidance through PM.

@samdtyler said:

Bashing my head against the wall. Have found i*****l and the interesting scripts. I understand what they do. How the ■■■■ do I use them/call them? Attempting to activate them directly causes the cat inside to fail due to permissions, while curling every webpage and file path that I can find results in no progress either due to either not finding the .pp files or not working on a given webpage. Calling them directly on a web console on all five subdomains also fails.

The name implies where you should be when you try to get the data.

My vague understanding is that if I curl a PT with username jy and password Rd then it spits out a key for j****a at me. Either I suck at curling or I’m aiming at the wrong place - probably both.

Your understanding is correct.

Chances are high that you haven’t found the right place to target yet.

If the server isn’t providing the data externally on port 80, it might be doing something else. Find out where this something else is configured and check.

@rak said:

stuck at same place as @samdtyler between user1 and user2. Found the files in I****l directory, cracked what I needed from m.p. Noticed the creds need to be sent somewhere but every combination of curl commands I’ve tried have been unsuccessful. Would appreciate a nudge or some guidance through PM.

Same deal.

This has been asked and hinted at quite a few times in the thread, along with some very close to spoiler hints.

@TazWake said:

@wsurfer said:

Guys, trying to get into root: if I type “sudo -l” I get the following issue, with all the 3 users wwata, jy and J*****a
$ sudo -l
sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
sudo: unable to initialize policy plugin

Any help for this issue? Pls ping me if you have any info, thank you in advance.

reset the box

I did it, also I did change location and same issue

sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
sudo: unable to initialize policy plugin

USER 2: I did some curls with jy and get the ja private key. Now, when I am trying to connect with j***a key and it’s asking for passphrase.
I don’t know what to do. I used chmod 600 but I am stuck on the same point.

Any hints will be appreciated.

@wsurfer said:

I did it, also I did change location and same issue

sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
sudo: unable to initialize policy plugin

Chances are, you are running it from an account not able to run it then.

@fcmunhoz said:

I did some curls with jy and get the ja private key. Now, when I am trying to connect with j***a key and it’s asking for passphrase.
I don’t know what to do. I used chmod 600 but I am stuck on the same point.

Any hints will be appreciated.

Give it the correct passphrase.

EDIT: also re-read the previous posts on this to see how you can troubleshoot what is actually asking for a passphrase. Saying “it” isn’t helpful when there are a couple of different steps which might ask for a password.

So I managed to get m*.p to give me the output I needed. I’ve tried explaining it to John’s friend but he won’t listen. At the moment I’m just sending him a txt but I’m thinking I need to send him it in a different format? I’ve also tried sending J***a the same txt so she’ll listen to me but it won’t work. Can anyone point me in the right direction or let me know if I’m down the wrong rabbit hole?

@Baz928 said:

So I managed to get m*.p to give me the output I needed. I’ve tried explaining it to John’s friend but he won’t listen. At the moment I’m just sending him a txt but I’m thinking I need to send him it in a different format? I’ve also tried sending J***a the same txt so she’ll listen to me but it won’t work. Can anyone point me in the right direction or let me know if I’m down the wrong rabbit hole?

The file you got needs to be converted first. There is a tool in j**n for this. Normally you’d run the conversion and pipe output to a new file, which is text.

This should then be crackable to get the phrase you need to unlock it when you use it.

@TazWake thanks!

Rooted! I struggled a lot with the initial shell to user 1, but this was a really fun box! Pm if you need help / hints. :smiley:

@TazWake No matter what I do I can’t get John’s friend to help me talk to John. I have tried just copy and pasting what I found into various txts and id**sa.h*h format but his friend won’t accept it. Any tips for getting it into the correct format?

@TazWake never mind… I figured it out. Pays not to copy more than you need to…