Traverxec

HTB Content Machines
, , , ,
905

Rooted , finnaly :slight_smile:

906

I got www-**** but am unsure what to do next when I use ls I get a list of commands I think. not dir am I doing something wrong or is this norm?

scratch that, had to use a diff option to get what I was looking for

907

I minimize my terminal but its still $ hhhhhhh

nvm already root.
pm if need help.

908

started now with traverxec seems port 80 is not easyā€¦ any nudge? thanks

909

got root with nā€¦ vulnerability but connection closes when i try to read the roor.txt , any hit?

910

EDIT: rooted, thanks to @DevilHimSelf and @PAUL007 for the help. I felt like and idiot as everyone else was saying it is really easy, but you need to know the ā€œtrickā€. ā€œThink outside the boxā€ was a good tip that I just couldnā€™t understand until it was painfully obvious. PM me for any help needed.

911

Tips (most of which have been covered, redact as necessary):

Initial: Simple enumeration will quickly lead to a vulnerable service. Although MSF can help, Iā€™d recommend manual exploitation to better help you understand the code.

User: Itā€™s a preferred habit to go beyond vanilla ls when enumerating directories. If you have very little combat experience sifting through config files and software documentation, this is a great machine to start learning and fairly beginner friendly. Thereā€™s a very specific part of the software documentation that couldā€™ve been written clearer and thatā€™s where most get hung up on. Refer to other hints regarding the config file. Once youā€™re beyond that hurdle, you will face the same challenge in OpenAdmin thatā€™ll give you whatā€™s needed to log in.

Root: I had never rooted using this method, but what I can say is the hints are sufficient. Read through the file of interest. Find the line of execution. Try playing around with it, changing subtle things to note the difference in the window. GTFO Bins will help, as well as the fact that there was a very similar root exercise mentioned in the previous comments.

Iā€™m happy to help if youā€™re stuck, but please detail what youā€™ve accomplished first.

912

got shell with wā€¦ any hits from now? cant see more filesā€¦ thanks

913

Been trying to look at the man pages for the service but nothing of interest that I can pick out. I have the plain-text cred for d*d from my friend j but I donā€™t know how to use it just yet.

Could someone give me a hint for user please via direct message? Respect points will be awarded.

914

just Rooted, nice box, a lot of fun :smiley:

915

Iā€™m still stuck, I have the user d**** password, but itā€™s not for ssh, so I keep looking to see ā€¦

Any little clues to follow?

916

Type your comment> @jlsangom said:

Iā€™m still stuck, I have the user d**** password, but itā€™s not for ssh, so I keep looking to see ā€¦

Any little clues to follow?

why say passwd not work?

917

Type your comment> @kalitkd said:

Type your comment> @jlsangom said:

Iā€™m still stuck, I have the user d**** password, but itā€™s not for ssh, so I keep looking to see ā€¦

Any little clues to follow?

why say passwd not work?

For ssh, the password N*********, doesnā€™t work, it seems to be for another service, like http

918

Iā€™ve been working this box for sometime now and could us a nudge getting user. If anyone could PM me, Iā€™m happy to provide details on what Iā€™ve tried so far.

919

Type your comment> @CoronersTyro said:

Iā€™ve been working this box for sometime now and could us a nudge getting user. If anyone could PM me, Iā€™m happy to provide details on what Iā€™ve tried so far.

Update: got user lvl access. @01ph0rie, thanks for your time and insight.

920

I honestly would not have gotten root without the tips here, and when I did figure it out it was with a ā€œYouā€™ve got to be (censored) kidding me!ā€

Learned a few new tricks for sure on this box, pm if you need help.

921

I already have the user, thanks for the advice I got from @darktheli and @kalagan76

922

have a working www-data shell, found encrtypted hash which after MANY hours of messing around with came back cracked as ā€œN**********ā€. found /~/ and then /~/*************/ ā€¦ this was only after MANY hours of poking and prodding and still doubt i would have gotten to it because reading the .conf doesnā€™t necessarily point me that way, it was only from stumbling on a random Reddit post. canā€™t use the extracted as login on the webserver. nudge in the right direction?

923

Type your comment> @zer0bubble said:

have a working www-data shell, found encrtypted hash which after MANY hours of messing around with came back cracked as ā€œN**********ā€. found /~/ and then /~/*************/ ā€¦ this was only after MANY hours of poking and prodding and still doubt i would have gotten to it because reading the .conf doesnā€™t necessarily point me that way, it was only from stumbling on a random Reddit post. canā€™t use the extracted as login on the webserver. nudge in the right direction?

Well, it appears that hashcat and john didnā€™t like the format? new password worked like a chrarm, now off to play with keys

924

Rooted. DM for help