Traverxec

Type your comment> @1xSTiiXx said:

I managed to get an initial foothold on this box, but am struggling to get user. To this point I cracked the hash within the .ht***s file to uncover the password and I’m assuming there is a password protected web page somewhere where I can authenticate with the credentials I have, however I can’t find any authentication pages. I read the .conf file and was able to browse to the users home directory within the browser which returns a web page that stats “Private space. Nothing here. Keep out!” This is as far as I’ve gotten so far. Others have said to check dads home directory on the box, but within my low priv shell, I don’t have permissions to list anything within his home directory. From the browser, it loads the web page I said earlier, I just can’t find any other pages that I can authenticate to. Any nudges would be appreciated!

I need help. I am in the same situation.

I got file b*************.tgz. can anyone help me how to download this file into my host machine.

Also got a local user password but can’t ssh with it.

Any help appreciated.

At the end got root: special thanks to @Tatik
root hints: j…l + GTFObins + resize

Type your comment> @RybinR said:

Type your comment> @1xSTiiXx said:

I managed to get an initial foothold on this box, but am struggling to get user. To this point I cracked the hash within the .ht***s file to uncover the password and I’m assuming there is a password protected web page somewhere where I can authenticate with the credentials I have, however I can’t find any authentication pages. I read the .conf file and was able to browse to the users home directory within the browser which returns a web page that stats “Private space. Nothing here. Keep out!” This is as far as I’ve gotten so far. Others have said to check dads home directory on the box, but within my low priv shell, I don’t have permissions to list anything within his home directory. From the browser, it loads the web page I said earlier, I just can’t find any other pages that I can authenticate to. Any nudges would be appreciated!

I need help. I am in the same situation.

Same here. I know I cannot use the cracked hash to ssh in and at this point I need to look for the keys in the private space, but for the life of me i can’t seem to find anything in the /home/user dir. Any hints?

Type your comment> @Wakuru said:

I got file b*************.tgz. can anyone help me how to download this file into my host machine.

Also got a local user password but can’t ssh with it.

Any help appreciated.

If you’re in with m**, then the download command should work. That’s what I did

@CSN why is there even a private space? Think about it.
Home/user: Every child has parents.

@GGhaley did not use m** rather p** script

Hey guys, first forum post here. I’m very stuck. So here is what I have so far. I’ve read n***.f, got into /~d**, cracked the password hash for d****. I found this private space but I need a hint to find this “compressed file” everyone is saying is in here. I also do not have the private ssh key yet.

Type your comment> @AfroPrince said:

Need help with the machine, have gone pass cracking the hash with John, got my creds but unable to get the user d****d user flag. I believe SSH isnt the way or i’m doing something wrong.Kindly PM or help with a nudge. been on this machine for two days now.

Finally rooted the machine, thanks to eviltor13.

The root part is really cool! My favorite “Think outside the box” box :slight_smile: Thanks @jkr

are these boxes shared by everyone that participates in the challenge, or is each box unique to you? I can’t tell if all these tools dumped in the /tmp directory are from other users from HTB, or if they’re deliberately placed there by the creator(s).

There’s a file in there that basically does everything for you. Think it might have been placed there by another user.

I have found the ***********.tgz file in the hidden dir and extracted the private ssh key, and was able to crack it. I am not able to ssh with the password or su with it. Just need a nudge in the right direction…many thanks.

Edit: Got user …thanks @Hak4lif3

just started this box today. got an initial foothold/shell as user w*-d* not sure what to do next. have not found the any config files or hashes as mentioned.

i got shell with user w-d and cracked hashes for user dd password [***4me]…but cannot ssh or cahnge user to it …any hint or help would be appreciated

I just rooted this machine. But not without resize tips. I dont understand this resize thing. How could i find this without any help? Any articles about this i can study?

I ROOTED my first machine. I want to thank’s all for the suggestion and help me.
I can’t rooted the machine without your help.
Thank’s man

what’s the hash type of the pw you find in the hidden place? PM me if it’s a spoiler

All I want to say is I never had any idea about the root obtaining method. Yes, I know about GTFOBins but as for me it’s not the case. Live and learn. Thank you, @jkr.

Learnt something new in this one, happy to help/hint but not spoil for anyone else!

Hey guys, is anybody having an issue getting an initial foothold on this box? I’ve tried both exploits. Pretty sure my commands are correct. This is box #3 for me so I would think my commands are correct by now.
Metasploit = NO SESSION
BASH SCRIPT = forward host look up failed. unknown host.
I have edited my /etc/***** file as well. My ip4 lcl.hb, ipv6 ip_addy traverxec.hb
I did read something about a DOS exploit. If someone launched a DOS that would explain why my packets are not reaching the machine nor returning anything, but the machine responds to a ping. I don’t get it? Any help is appreciated.