Traverxec

@Xtronum said:

Looking for a nudge on root. Found the s*****.sh file. Can see that it runs with sudo. Read the man page for j*…l but can’t seem to get anything working. Visited GTFOBins as well to no avail.

Try running the same command the script is running on your own without the pipe to cat. Keep an eye on processes. When you see something interesting, rtfm :wink:

Someone tell me the bash script 35466 syntax?

I’m able to find my way to the restricted area, but still can’t find a way to authenticate (even via web after poking around in /*****d). Any hints?

Got root. I’m a novice and this was quite difficult for me. It required some techniques that I don’t fully understand and only figured out by pure chance and the hints here.

My hints (definitely also take a look at the other hints!):

  • Foothold: Enumerate the machine. Anything more would give everything away. Don’t think too complicated :smile:
  • User: You might be able to find credentials on the box (that you need to crack first) and which might seem like you can’t use them anywhere. Don’t work on this too long. Finding the right place to use them is difficult and not necessary (but it is possible to use them!). Instead, have a look at the files of the service you exploited. Also, a hint which might seem paradoxical: Sometimes it is possible to access directories that themselves are in a directory you cannot access.
  • Root: Once you have user privileges, closely examine what is right in front of you. You might find something that contains interesting commands. Minimize the width of your terminal (hard to believe, but that’s not a joke!), execute and then GTFO (also not an insult or a joke, Google and other hints are helpful here).

PM me for advice. I’m willing to help. I just spent the better part of the day getting crazy because I couldn’t figure out what to do :neutral:


I would be very grateful if someone would be willing to explain to me WHY and HOW the technique to get root works. I don’t understand it at all. I can explain all of my steps and what worked for me and what didn’t. I’d also be interested in learning how to own root without resizing and how to defend against this resizing trick.
Thanks for everybody reaching out in advance! :blush:

After what seems like a lifetime of effort finally got root & user credentials on this box. Not sure it was the wisest of choices for a first box but feel like I have learnt loads and really challenged my current knowledge and understanding.

Safe to say that there is lots of good insight and tips already on this thread and appreciate all the comments and suggestions the community provide! Special thanks to @Tazwake, would have been far more keyboard headbutts without your assistance and thought invoking PMs, cheers!

Question now, which box next??

Oh and didn’t have to resize the shell for root, that comment alone sent me into a rabbit hole in itself! :smiley:

Hi!

System owned! Fun box!

Hello, I’m new to HTB and I’m trying to solve this machine, so I got the nh***** file and I’m trying to access the pu*****w directory to see the info in the .hta file, so I think I don’t have enough knowledge to understand what other info I need. Can somebody help me?

I’m still on the user d****

@Rastablud said:

Got user pretty easily, but root took a few days on and off (although should have been much easier). Thanks to @Dins89 for the tip.
My tip for root: Everyone goes on about ‘less’ but I didn’t need it, although the window needs to be the right size. GTFOBins is a little help. But, the most important thing, look at the command you’re trying to execute and mess with it…do you need it all? Maybe call a plumber to take something out…

Thanks a ton! This was infinitely easier than trying to figure out the window sizing thing… Never could get it to work but know what everyone is talking about from OTW.

I got a shell and a password now… but I can get david access… and I’m not able to find ssh keys… someone help me pls

@manasramesh Maybe it’s not a password for ssh/david’s account password. Maybe it is a key to his 2nd home.

With getting root, do I need to know the user1 password? (hopefully that isn’t too much of a spoiler!)

At last I got root…
The bit about the window size was QUITE annoying!
Thx for the hints guys, learned some stuff!

AND ROOTED ■■■■ I’m a total idiot… massive facepalm!

Can anyone shoot me a tip on how to get from initial foothold to user flag? I used MSFConsole and a py script to exploit a 0 day. Have access each way but no permissions to do much. Trying to comb through conf files and such. I feel like I am very close.

Don’t know much about GTFO

SUID’s???

Looking for a very very small nudge on user. I have creds, I know about ~**** with n***** server. I feel like I’m missing something simple. Please PM me.

@LSCSG said:

Looking for a very very small nudge on user. I have creds, I know about ~**** with n***** server. I feel like I’m missing something simple. Please PM me.

Just read the conf file carefully.
You will get what you want.

@johnmflynch said:

Can anyone shoot me a tip on how to get from initial foothold to user flag? I used MSFConsole and a py script to exploit a 0 day. Have access each way but no permissions to do much. Trying to comb through conf files and such. I feel like I am very close.

Don’t know much about GTFO

You don’t need GTFO for initial steps.
You should just explore the directories.
You might find something :wink:

Finally rooted! Second box after postman. The really hard part was getting user (took me a few days). Then the root part is really easier than you think. All the hints on this forum are more than enough (kinda regret reading it tbh).

Hey Guys,
I need a nudge in the right direction.

I’ve used the exploit with a .py script (it seems I’m not that good with MSF, I’ll need to work on that).

I’ve found the hash in the location described in the conf file and got the N…e pwd.
I also know about the existence of the ~… page which blocks my entrance.
With effort I’m trying to find maybe folders/files underneath this folder but I feel like I’m on the wrong track.

No clue for root, but that will be for later on.

Please help me!

~ p.s. I’ve read through all the 41 pages and I’m just not seeing what I think I’m supposed to see in the conf/man ~