Registry

Finally rooted! :smiley:

Big thanks to @hackerB31 and Ravenforce for the nudges on this one.

root@bolt:~# id
uid=0(root) gid=0(root) groups=0(root)
root@bolt:~# whoami
root

root@bolt:~#


Some hints:

USER- If you are having issues with your shell not displaying output once connected, the best tip I can give would be K.I.S.S.

ROOT - Research the obvious, then DIY

Can't get the d***** p*** to work, found the ma*****t and Di**** but still, could someone PM me a hint pls?

I rooted this yesterday after several hours. I have no idea if I did this the intended way. I leveraged the command found in b*****.**p after searching through documentation for hours. Anyone who has rooted it also mind sharing with me how they did it? From what I'm reading here, I don't think the approach I took to get there is what others did.

Edit: Yea, I definitely didn't do this box the way that most people are, I overthought it. Still got root though. If you want to solve it the way that I did, when looking at the command you can run, read into all the different types of targets you can be saving to, and then explore whether any of those options have a way to manipulate what gets run.

Hit me up on HTB Discord if you want, @agreenbhm#8525

root@bolt:~# hostname
bolt
root@bolt:~# id
uid=0(root) gid=0(root) groups=0(root)
root@bolt:~# 

Finally rooted!
I will be open to giving help to everybody because this box is hard af!
My Discord is Celesian#0558

Finally rooted. The user part was quite easy, but the root was just frustrating. This is the first hard box for me; it took me time to finish it, but I tried to do it by myself as much as possible.

root@bolt:~# id
uid=0(root) gid=0(root) groups=0(root)
root@bolt:~#

This was a fun box. If anyone needs a nudge PM me.

ROOTED!!!
Great box, learnt a lot!
Everyone writing that enumeration is the key is absolutely right: after fetching d****r files, getting the user is all about your enumeration skills.

PM me for any help

@drdsol92 said:
Currently stuck at bt user. From the hints provided here, I think I'm supposed to su to w-d*** and exploit r***c somehow? I've even gone through the php files but still can't find anything useful. Would appreciate it if someone could give me a nudge in the right direction ><

You have to find a way to become w**-d**** and get your way with r****c to BACKUP all the essential files

.

I am stuck on the second user. I cracked the hash, logged in to the web app, but uploading a shell doesn't work. When I want to change the extension, it shows 404 not found. Any help?

Edit:
No need to change the extension :slight_smile:

User! Thanks to my mentor, he knows who he is… I'm finding this box frustrating but not difficult. I'm not familiar with d****r so I had to read the docs and read the docs and read the docs; that and enumeration is all you'll need to get to user, it's that simple… Now on to root. gl -all

Stuck cloning the dr ry, got the basic auth so can view v/_c***g, but can't get any further

E: Thanks to a nudge from @noob2sec managed to get user, on to root now!

Rooted. Thank you @masquerad3r for your hints.

As for root, I gave up on making an outbound connection to my local machine. Everything was done on this machine besides cracking creds.
For the final touch, I didn't know r***-s***** is portable.

I logged in via ssh as b**t user. Found some creds but couldn't find a way to crack it. Can someone help me?

EDIT:

Rooted, special thanks to @PlayerThree and @rholas !

Why do all the B**t C*s pages return 404?

IDK if I got the initial foothold the intended way, can someone who feels the same PM?

uid=0(root) gid=0(root) groups=0(root)
root@bolt:~#

If u need help, write me via DM.

How can I get root? Any nudges?
