Oops, I must have said too much. (sorry admins) …
Look for other places to use those credentials, obviously they were given for a reason.
First rooted box, thanks for the ones that helped! I can say this was one helluva learning experience for me.
Does anyone else S*H lags and freezes, i mean once in a while i understand if a server gets reset but mine does it way too often even for resets.
Type your comment> @lifesfunn said:
Does anyone else S*H lags and freezes, i mean once in a while i understand if a server gets reset but mine does it way too often even for resets.
Yes, I believe it has to do with what is being used on the machine. It was making me nuts especially when it errors out with ‘pipe broken’.
Finaly rooted! Thanks so much guys for all the assistance @bipolarmorgan and @SpicyWeasle. Its so cool to undersatnd how it works and @jkr for the box.
Give me some hint please. I already dump the usernames but I dont how the get the passwords, I tried to bruteforce it. but nothing happened
Hello everybody,
I have obtained the user access, I tried different things to obtain the root but nothing seems to work. Can somebody send me a PM to see if i’m on the right direction or no ? Thanks
Desperately need some hints, the python script for creds is taking so long that i think i’ve gone down the wrong path. Are creds really necessary to pop a shell on this machine ?
@JackWH said:
Desperately need some hints, the python script for creds is taking so long that i think i’ve gone down the wrong path. Are creds really necessary to pop a shell on this machine ?
I don’t know if there is another way to pop a shell, but I got the credentials of the user before opening a shell. You can send me a PM if you want a nudge for the user ( i didn’t obtained the root now).
Rooted : PM me if you want a nudge 
Can anyone PM me some tips… I’ve got a rough idea of what I need to do… how to do so is a totally different matter and I’m banging my head against a wall!
I have found an user, an email, a hash and a salt…is there a way to get the pass or I have to bruteforce it?
First box on HTB, I just got User. Can’t believe the time was staring me in the face all this time! Thanks to all the nudges. Now on to root.
Finally rooted…root was way longer than i thought it would take.
User was easy with a exploit.
ROOT was using the tool mentioned above,just watch its what you have done several times.Take it very easy and you will be root.
Still if you need any assistance PM me.I will be happy if would be able to help you.
Hello, been stuck on this one for a few days. I got to /w******/a********. I am not sure what my next steps are. Found a****. Not sure how to find hashes. Any nudge in the right direction would be appreciated.
Type your comment> @arsmo90 said:
Hello, been stuck on this one for a few days. I got to /w******/a********. I am not sure what my next steps are. Found a****. Not sure how to find hashes. Any nudge in the right direction would be appreciated.
forget the admin… try to find CMS vulnerability and exploit…
Hello ! I need some hints, the python script return an string empty of characters that i think i’ve gone down the wrong path or don’t set the T**** var efficiently… Can you PM me plz ?
Rooted! With some help!
nudge me if you need any help.
Started with easy boxes. This is the best so far. The user and root were actually possible to discover without being used to CTF-puzzles.
User: How to enumerate website without fuzzing about it? After that pretty CVE.
In addition to previous tips by other users:
Root: When I search places I have write-access to, why do I get permission denied?
I got the user, the hash and the salt. How can I decrypt that?
Type your comment> @MacCauley said:
I got the user, the hash and the salt. How can I decrypt that?
With the same tool you have add the decryption…