Traceback

.

hi, i just got reverse shell and started digging around the filesystem and found 3 files in the obvious directory almost saying they are hints. And other files (igor) with the same file extension.

I used the internetz and it says i need python to run them? but no python still in my terminal. Am i going to the right direction? ive spent some time in the same spot ;_;

thx c;

Finally got root. Finding the webshell took me so long because I got confused by reverse shells uploaded by someone. The webshell has everything you need for the initial foothold.

Rooted! Besides the initial part of the foothold, I loved this box. It was funny.

Wtf! Why are reseting ever 10 minutes???

Can i PM someone to get user hint?

Got user finally

I am a nube and I was hoping that someone could help me with privesc to root. I have successfully accessed the box and managed to get user flag, hopefully by the desired method. I have appended a line to the ‘0xxxxxxxr’ file + some additional steps to get a reverse shell. I have a connection but I am seeing no shell. Thanks

Rooted
Thx @sulcud your tip did it

Got the root flag but still stuck on getting a reverse shell - please DM me with some nudges as it is driving me mad!!!

I stucked on user dm for help pls.

Rooted. This was a fun box! If you’re having trouble with the ssh part try running “ssh-add” on your machine to add the credentials :] DM for hints

Rooted, nice box!

connectivity issue the site is not reachable

@hawksvision said:

connectivity issue the site is not reachable

For issues like this, it is probably better to raise a JIRA ticket so HTB can become aware of the issue and fix it: https://hackthebox.atlassian.net/servicedesk/customer/portal/1

In practical terms, almost no one reading the forum threads can solve a problem with the box.

Finally rooted - thank you @p4ncake for your hints…

Rooted!

Foothold:
Really simple. What is the first thing you do when you have a web app? Is there any comment that can help you? Where would someone post public available code? Google is your friend on this one.

User:
Things get creative here. You are in, you have a shell. What is the first place you will go? Get the clue as valuable. How can you execute things that are not in other’s home dir?

Root:
Here I was rabbitholed for too long. Enumerate the processes and understand what is being loaded and with which privileges. Look for something that executes everytime you log in.

It is kind of non motivating to see more expert people taking 30 min, 1 hour on this box (at least on comments), so I won’t hide this box took me about 6 :smile: enjoy it at your own pace!

finally rooted and it was fun to learn new things

Stuck at root flag part, any help would be much appreciated. :smile:

Nvm rooted Finally. :smile:

Rooted this one as well! Seems like I was just in time. After getting the root flag the box died and now I can’t get in anymore with my backdoor. Looks like someone slammed the reset button 5 seconds after I got my flag.

This box was fun and not that hard to crack. Enough tips are given here. I don’t think I need to repeat them again. But if you need a nudge feel free to PM.

Please also mention the box you are asking help for since I get a lot of PM’s lately about different boxes.