Type your comment> @amk2 said:
Can anybody drop a hint on root? Tried using p**y but can’t seem to find anything interesting.
i think we have to use clel and py and li**h these three are the only which can help us to get root i was told by a guy who already got the root flag but he is offline now
Type your comment> @dividebyzer0 said:
Type your comment> @godzkid said:
having same problem really having hard time try to get the root someone please pm me the root flag
Did you seriously just ask for the flag?
Tell you what… if you can decrypt this, you’ll know what you need to do to root this box.
Ubj nobhg lbh chg va gur rssbeg naq QB VG LBHEFRYS lbh ynml cvrpr bs fuvg?
i was just joking bro sorry if i break any rules of hackthebox
I struggled for hours due to the lack of consistency in the cred exploit, even after tweaking the code to deal with faulty connections.
My advice: even if you are missing a couple of bytes of the end of a hash go and rock the part you are sure of by partial comparisson. The solution space is not big enough to bring false possitives 
Hint for exploit: make sure to edit the script, especially if you’re on free. Make things less impatient to give you more accurate results, and make sure you’re pointing it at the right location.
my hint for root: It might be easier to find the priv esc vector on free server than in VIP.
at least i missed it for a long time focusing on the wrong thing (as quite a few seem to be doing, instead i am missing something obvious)
can anyone drop hint for credentials
If anyone with root that understands the exploit mechanism can PM me, I’d be grateful. I think I understand the method, but I’m just not doing something right. Don’t want the solution, just to discuss my approach with someone.
Hint for User:
How do you guys know what exploit to use?
I finally got root. Realized that I was overthinking things. The hint about what tool to use in this thread is helpful, but definitely consider all the output from that. I got down a rabbit hole for a while and when I took a step back I realized that the solution was a lot easier than the other things I was trying.
Type your comment> @jamjar42 said:
If anyone with root that understands the exploit mechanism can PM me, I’d be grateful. I think I understand the method, but I’m just not doing something right. Don’t want the solution, just to discuss my approach with someone.
Same here…
Got User - now onto root…
If anyone is struggling to crack the info gained feel free to PM.
Hello, I’ve been stuck with the w****** page for so long, checked if there is lfi in p***. found what’s running without wappalyzer, the probleme is I do not know the version, so I do not know what exploit to use. any hint will be appreciated as I am sure I am in the right path.
Edit: found the exploit and did the rest, gonna look for the user flag now.
thanks for the hint deviate, sm0n6
My hint would be it’s a fresh new box. peoplz hinted the exploit on how it’s user friendly… for the cracking you’ll be able to do it if you got the creds at the first place (did you even read the exploit …)
A lot of the exploits require you to be logged in. Unless you can log in, you can probably rule those out for now.
Type your comment> @MRwatch0xff said:
Hello, I’ve been stuck with the w****** page for so long, checked if there is lfi in p***. found what’s running without wappalyzer, the probleme is I do not know the version, so I do not know what exploit to use. any hint will be appreciated as I am sure I am in the right path.
If you found it without wappalyzer then maybe if look closer you can rule out certain CVEs
Finally got root, PM if you need a nudge.
Very nice box, very realistic and i think it could also fit on the pwk labs for OSCP. Congratulations @jkr .
Finally rooted. Very nice box. Thanks for the nudges. Learned something new with this one.
Good work @jkr . PM if you need help
i run the script and keep getting a proxy error from localhost…now i’m just confused…any hints?
