Traceback

sirbowen · May 7, 2020, 1:19pm

.

b1ts0upseele · May 7, 2020, 4:18pm

hi, i just got reverse shell and started digging around the filesystem and found 3 files in the obvious directory almost saying they are hints. And other files (igor) with the same file extension.

I used the internetz and it says i need python to run them? but no python still in my terminal. Am i going to the right direction? ive spent some time in the same spot ;_;

thx c;

Dukezo · May 7, 2020, 7:39pm

Finally got root. Finding the webshell took me so long because I got confused by reverse shells uploaded by someone. The webshell has everything you need for the initial foothold.

shfscrt · May 8, 2020, 6:12am

Rooted! Besides the initial part of the foothold, I loved this box. It was funny.

kurogai · May 8, 2020, 12:06pm

Wtf! Why are reseting ever 10 minutes???

Invited · May 8, 2020, 12:52pm

Can i PM someone to get user hint?

Got user finally

TheJ0llyN1nja · May 8, 2020, 1:40pm

I am a nube and I was hoping that someone could help me with privesc to root. I have successfully accessed the box and managed to get user flag, hopefully by the desired method. I have appended a line to the ‘0xxxxxxxr’ file + some additional steps to get a reverse shell. I have a connection but I am seeing no shell. Thanks

poots · May 9, 2020, 5:05am

Rooted
Thx @sulcud your tip did it

TheJ0llyN1nja · May 9, 2020, 1:37pm

Got the root flag but still stuck on getting a reverse shell - please DM me with some nudges as it is driving me mad!!!

olcsy · May 10, 2020, 10:03pm

I stucked on user dm for help pls.

p4ncake · May 10, 2020, 10:06pm

Rooted. This was a fun box! If you’re having trouble with the ssh part try running “ssh-add” on your machine to add the credentials :] DM for hints

pwnableTurkey · May 10, 2020, 10:21pm

Rooted, nice box!

hawksvision · May 11, 2020, 8:47am

connectivity issue the site is not reachable

TazWake · May 11, 2020, 3:23pm

@hawksvision said:

connectivity issue the site is not reachable

For issues like this, it is probably better to raise a JIRA ticket so HTB can become aware of the issue and fix it: https://hackthebox.atlassian.net/servicedesk/customer/portal/1

In practical terms, almost no one reading the forum threads can solve a problem with the box.

TheJ0llyN1nja · May 11, 2020, 6:21pm

Finally rooted - thank you @p4ncake for your hints…

Piartz · May 12, 2020, 12:58am

Rooted!

Foothold:
Really simple. What is the first thing you do when you have a web app? Is there any comment that can help you? Where would someone post public available code? Google is your friend on this one.

User:
Things get creative here. You are in, you have a shell. What is the first place you will go? Get the clue as valuable. How can you execute things that are not in other’s home dir?

Root:
Here I was rabbitholed for too long. Enumerate the processes and understand what is being loaded and with which privileges. Look for something that executes everytime you log in.

It is kind of non motivating to see more expert people taking 30 min, 1 hour on this box (at least on comments), so I won’t hide this box took me about 6 enjoy it at your own pace!

hawksvision · May 12, 2020, 5:07am

finally rooted and it was fun to learn new things

suixido · May 12, 2020, 5:16am

Stuck at root flag part, any help would be much appreciated.

suixido · May 12, 2020, 11:17am

Nvm rooted Finally.

manderait · May 13, 2020, 2:58pm

Rooted this one as well! Seems like I was just in time. After getting the root flag the box died and now I can’t get in anymore with my backdoor. Looks like someone slammed the reset button 5 seconds after I got my flag.

This box was fun and not that hard to crack. Enough tips are given here. I don’t think I need to repeat them again. But if you need a nudge feel free to PM.

Please also mention the box you are asking help for since I get a lot of PM’s lately about different boxes.