Traceback

thammarit · March 19, 2020, 8:41am

Rooted.
Great and fun box for beginners. Learn about two new things; a new programming language and how welcome messages are configured and being displayed when user logs into ssh service.

Just feel free to PM me if you get stuck and want some hints !!!
Happy to help

mach1ne · March 19, 2020, 8:50am

I hate this, people are resetting and removing stuff all the time, it is very anoyying, i literally can’t take 2 minutes to setup for something and I see that somebody removed the file that i uploaded. I can literally see the command from bash, holy s**t.

Albadotpy · March 19, 2020, 8:57am

Rooted it yesterday. It was a fun and refreshing box .
If anyone need help on user or root, I’ll be happy to provide some tips!

wewppp · March 19, 2020, 9:50am

rooted!! ok thanks again for eviltor13 for the clues!!!
okay now here here’s what i can say about the box and maybe some clue?
foothold: remember everything you see is the truth!
User:the things you see is also the truth! Try to look for it!
Root: again the answers is in front of you! Remember don’t overwrite it!
…ehem
And thanks again for eviltor13

wewppp · March 19, 2020, 10:20am

Type your comment> @chiakheewei said:

Anyone can give me a hint on root privilege escalation?

The answere is in front of you! Just look for it!

exoOne · March 19, 2020, 10:28am

rooted! fun box specially to get root flag.
feel free to PM if you are stuck!

enigmaNL · March 19, 2020, 12:20pm

Type your comment> @MariaB said:

Seriously guys stop resetting and messing with box,overwriting things ,deleting things.
You are spoiling the nice box.
After i manged to get user after 1000 redos now i cannot get to root because of all the madness!!!

I came here to say exactly this!

Nevertheless, this was a fun box, and i learned a lot, especialy a new programming language

Thanks @Xh4H For making this box!

farbs · March 19, 2020, 1:16pm

Box was slightly too easy in my opinion. Repeated exploitation path from a previous machine was a bit insulting as well.

Not a bad box for beginners, but if you’re seasoned, it will probably feel like more of a chore than anything else.

No tips from me on this one. Everything in the comments is already enough.

yannizZz · March 19, 2020, 1:40pm

As soon as I spawn my shell, the intended tool to be used is asking for password. did anyone else have to deal with something similar?

LSnake · March 19, 2020, 2:32pm

i’m stuck since i’m in webadmin, how do i go into sysadmin ??

PrathmeshRewal · March 19, 2020, 2:48pm

Type your comment> @LSnake said:

i’m stuck since i’m in webadmin, how do i go into sysadmin ??

check what you can execute as s*** . you might find something intresting

LSnake · March 19, 2020, 2:49pm

i think i should do something with luvit? how can I use it?> @Princevil said:

Type your comment> @LSnake said:

i’m stuck since i’m in webadmin, how do i go into sysadmin ??

check what you can execute as s*** . you might find something intresting

i think i should do something with luvit? how can I use it?

PrathmeshRewal · March 19, 2020, 2:54pm

Type your comment> @LSnake said:

i think i should do something with luvit? how can I use it?> @Princevil said:

Type your comment> @LSnake said:

i’m stuck since i’m in webadmin, how do i go into sysadmin ??

check what you can execute as s*** . you might find something intresting

i think i should do something with luvit? how can I use it?

seems you are on right track . check user folder there are some more intresting stuff to understand .

fruitfulBrute · March 19, 2020, 3:03pm

“Unexpected symbol…” error. What am i missing here?
Update: GOT IT!

MaximumBob · March 19, 2020, 4:38pm

I guess my osint skills are trash because I just don’t get what I am supposed to do. I found some stuff based on what i found in the HTML source and I have tried all the shells I have found based on my google search but i just get 404. Can someone help me out?

PrathmeshRewal · March 19, 2020, 4:50pm

Type your comment> @MaximumBob said:

I guess my osint skills are trash because I just don’t get what I am supposed to do. I found some stuff based on what i found in the HTML source and I have tried all the shells I have found based on my google search but i just get 404. Can someone help me out?

you need to search for author fav shells

Hack The Box

gravecode · March 19, 2020, 6:17pm

I’m a beginner. Not able to ssh w**a**** without a password. Any tips?

nebulousanchor · March 19, 2020, 6:32pm

Type your comment> @gravecode said:

I’m a beginner. Not able to ssh w**a**** without a password. Any tips?

If you are that user, is there something you can add that will let you in without a password? Though I would save it for later, you can do all (or almost all depending on your final vector) without SSH, just pivoting off the initial foothold session.

gotroot · March 19, 2020, 7:23pm

ROOTED ??
This machine was frustrating at times but ended up being pretty simple. Overall I liked it and had fun. Learned a new way to priv esc and learned about the Message of The Day.
Nudges
Foothold: OSINT
User: Check what you have privs to run as someone else
Root: Check to see what you have write access to

PM me for Nudge

D0p4m1n3 · March 19, 2020, 8:01pm

root@traceback:~# whoami
root
root@traceback:~# id
uid=0(root) gid=0(root) groups=0(root)
root@traceback:~#

but…the root flag is not working