still stuck at initial foodhold. played around with d***** and found a key, but john isn’t very talkactive today. anyone want to tell me what I’m doing wrong?

EDIT: Got User finally. thanks to very helpful people. the last stepp took me again wy too long, thanks to my stupidity. Should really learn to read output properly …

Great box. Not too hard but in no means easy. Learned a lot about new tools and services. I found user to be way harder than the actual root part. User involves many steps with multiple rabbitholes imho. Pm me if you need a nudge.

Hey guys, i stucked d****.r*******.h**/v*. I researched re******/*.0 version i got how is it working ( not too much) but couldnt find right path. i tried “_ca*****” but nothing. Can someone help me for what he next step is?

Edit: Got User1 for now

Hi there,

Currently i’m in the /b… d******** and i am trying to get a shell running via a file rename but i get a lot of errors when i’m doing this… 404 not found. Am i doing something wrong? Can somebody give me a nudge in the right direction?

Have a good rest everybody…

Awesome box, thanks @thek!

Learned about a few new tools, scripts and services :mrgreen:

Rooted with shell.

Dude, this box is wicked! Been meaning to learn a bit more about d*****, and this was a good lesson! Learned about some other things that I’ll be definitely using in the future.

Thanks @thek!

I have cracked the hash for ad**n and able to upload a web shell, but this keeps resetting and unable to get a reverse shell. Appreciate a nudge in the right direction.


NVM, It was right in front of me and I just needed to try harder.

Rooted, reading the post I think I am more lazy that I thought xD I was so tired I didn’t even set up a r**t service, working as programmer I can’t live without exceptions but this time they helped me getting root saving some time. Anyway P.M. for help

Got really stuck for the login page.

root@bolt:~# id
uid=0(root) gid=0(root) groups=0(root)

Hack The Box

Enumeration web application with the documentation of the API
download file from browser and enumerate what you get
get creed enumerate again get a connection

Feel Free to PM :smile:

Type your comment> @TeRMaN said:

Hey guys, i stucked d****.r*******.h**/v*. I researched re******/*.0 version i got how is it working ( not too much) but couldnt find right path. i tried “_ca*****” but nothing. Can someone help me for what he next step is?

Edit: Got User1 for now

Edit: Rooted. Thank you all.

Hardest box I’ve done so far. Lots of research is necessary for this one >.<

User1 (easy): brush up on c********s
User2 (medium): I spent longer than I’d like to admit looking for login creds… oops. Once authenticated, the rest is google-able. Just be quick, have some tabs open.
Root (difficult): One thing to remember… as others have mentioned here, everything should be done on the the box. You’ll save a lot of potentially wasted time. Try testing locally first. Check out what permissions you have as user2. The rest is trial + error.

I immediately got to the b… user before getting an initial foothold, and found the user.txt. Seems like I need to get to some l… page to get a f… up… Any nudges on where to find this page where I need to enter something I found?

hi, I am working on the initial user, I got all the files downloaded, but can’t find the creds?

E: I think I got the hash but can’t find the a way to decrypt the hash, tried john and hashcat. any nudges?


Whew this was such a hard and interesting box. I certainly learned a lot! Well- Here come some hints… Bear with me because this is the first time I give out hints.

User1: A certain service on this box will allow you to look into the past, some say that it recorded the forging of the key to open the door!

User2: After a lot of enumeration on User1, you should have found some information that you can use, a certain cat we know may want to play with that - but your journey for User2 does not end here. You will need to be really quick if you want to access what is underneath.

Root: One User can do what the other cannot. When you find a certain file you will realize what it is that you are supposed to do. Tunnel vision is sometimes needed!

PM me if you need any nudges! Thanks @thek for this amazing box!

Finally rooted this one, took me a while to figure out how to get all the file permissions right.

Feel free to PM me for hints

I found the /sealed key/ in d***** i**** but cannot crack it with j***, though I ran the converter script. Any idea what might have gone wrong?

EDIT: tried on my host (win) machine, same result - nothing. What the hell is going on ?! :frowning:

EDIT v2: NVM, got it. VERY sneaky! I like it.

I would really appreciate some nudges how to get w**-a from b. Thanks!

Not like this box is hard or easy or whatever, but most of the things I’ve found through the initial foothold has led me nowhere or to what looks to be a deadend, and…I’m confused to be quite honest. Can someone help out? If so, PM me.