Rooted :slight_smile: If anyone needs any help feel free to ping me :slight_smile:

Someone help me, how do I get the exploit for r**** to work?

it is so annoying that I s** -i worked once after that it didnt there are too many people on this

user was relatively okay, root was annoying because the exploit i used didn’t work for some reason? had to intercept the requests and pass them on 1:1 and then they worked for some reason

I’m pretty sure I have the right exploit for initial foothold, but how do you enumerate the user to add the s** key… or am I completely wrong!


Rooted, relatively easy in comparison to Forest, which almost made me lost my minds :smiley:
Feel free to PM for nudges

1st box and finally got in now for privilege escalation. Any nudges would be greatly appreciated. Used r**** to get in through s** as r****. Need to root. Learned alot so far thanks to @Franna for the initial nudge greatly appreciated.



This box was not to difficult for me but I really enjoyed going through it, all the hints you need are already on the forum, but if you need an extra nudge feel free to send me a PM.

hi guys, i managed to get inside using r****-c** but not sure what to do here… any hints?

Rooted!Playing HTB for the first time, thank @bumika and @gluonsrgreat for their help, I love it here

got the p@pe of the i_.bak
trying using it to s
-i but the user m* was denied as set in the config file

if I cannot s**, how can I use the i*_***.bak for another way to login as user m?

thanks for the hint

Thanks to @TheCyber for creating this machine. I learned new things . Just wonder if is there anyone who is able to do privelege part manually, without metasploit? PM please

Hi new guy here.

i have some issue trying to get a shell on this box. i have found all the services, and i know about the S** key and r**** but i cannot change the directory (should i even ? or just leave it?) - Also are people just mad for flushing that sht ? xD
i guess I should be able to change the directory to another user account since i believe the r
*** account has no shell enabled?

How do i go about say getting the passwd file? from W*****? none of my attempts of directory traversal has worked out.

And there comes a kind of machine which makes you feel good about your skills. I found it pretty straightforward with both user and root.
There are more than enough hints for this machine here so if you get stuck anywhere on any point refer to them. Enjoy!

Rooted! A few hints:
Initial stage:

Don’t overcomplicate it like I did! Remember that it is rated as an easy box. I’ve wasted a couple of hours trying to fix that “module” thing. Think about what else you can do.

That’s an easy one, you will get it if you’ve done your nmap well.

root@Postman# cat /root/root.txt
Wasted a lot of time because someone was changing the user’s pass!
Root was very fast.

PM me if you need a hint.

It’s a nice machine, i’ve learned about r****, user and root is more simple that you think :slight_smile: if ssh not work think different !

Nice and simple machine. Enjoyed.
Somebody wrote earlier that got root before the user. Im wondering how? Perhaps I missed something … ?