Ypuffy

@scando said:
I have two usernames and a hashed password, I have tried using the password in different ways and get the "not enough " one of the ways. 3 hours now and I feel it’s taking me a lot longer than it should at this point. Hopefully, I’m going in the right direction.

I’m in the same boat. Really frustrating

I could use some help on the privesc, if someone wouldn’t mind PMing me. I have a lot of stuff that seems weird, and potentially exploitable, but I’m honestly not sure how to make use of all of it. Some help would be appreciated.

Got user, but need some help with priv esc. I know how to start gen with d and can create some files. Also I know how to print to screen p***e k via stdout as a file, but what about pc k**? How to save it in a right directory? Or, maybe, it is a wrong way?

Same here. can someone PM me for a hint.

Manged to find 2 users, one with a hash, but I’m at a loss what to do with them. Could someone give me a little nudge?

This was another great experience with nice new things learned. Read @Skunkfoot’s post on page 3, everything you need is in there!
If you are stuck on priv esc just as I was, read the man page thoroughly after enumerating configs and try to understand what you found and combine with something you also get from the config. I read over a little thing which was in between root and frustration
Quoting Skunkfoot:
“Good luck and Try harder” =)

Try harder indeed. Root was a journey, ■■■■.

Read the man pages. Twice.

so sick of *** and trying to get -**** to do what I want. I’m ready to **** this box in the ******

Okay, i’m a bit confused with recurrent problem on this box.
WHY people are removing all evidence, all tools and all logs from the box after exploiting it ?
First time, user flag was removed : wasted 2 hours for searching
Second time : all interesting file removed : 1 DAY
Third time: CLI tools removed : 4 Hous

WHY ?
Why are you doing this ? !

@jugulaire said:
Okay, i’m a bit confused with recurrent problem on this box.
WHY people are removing all evidence, all tools and all logs from the box after exploiting it ?
First time, user flag was removed : wasted 2 hours for searching
Second time : all interesting file removed : 1 DAY
Third time: CLI tools removed : 4 Hous

WHY ?
Why are you doing this ? !

Because they are script kiddies, and it makes them feel grown UP!

Got the users and one hash, have poked at the exposed service but fail to authenticate. Would appreciate a push in right direction. PM if you can help out.

So got user flag and reviewed all logs as mentioned by @Skunkfoot … identified the BSD SUDO but no love getting the key needed …any help please PM

@beards4ever said:
So got user flag and reviewed all logs as mentioned by @Skunkfoot … identified the BSD SUDO but no love getting the key needed …any help please PM

Reviewed all configuration files ?

Got root, fun box, but I had lots of issues with tools in the start. @Marantral thanks for the tool recommendation works like a champ, going in the toolbox.

@s1gnal said:

@beards4ever said:
So got user flag and reviewed all logs as mentioned by @Skunkfoot … identified the BSD SUDO but no love getting the key needed …any help please PM

Reviewed all configuration files ?

Got it now thanks to a push from @sckull and @slack3r …lots of fun was had , learned a bunch on this one for sure.

@AuxSarge said:
I would like to point out that my initial concept for this challenge was, while *nix based, pretty much OS agnostic. I actually settled on the OS I did because I haven’t seen it here and I thought some of the OS-specific stuff might give an interesting twist for the second flag.

It certainly was interesting, just rooted and I learned a ton! Thanks for the box.

For those who are stuck on this box: read this thread! Everything you need is mentioned in here and there are tons of hints.

my two cents:

• User: you don’t need crazy tools, nmap can help with the initial foothold (it’s not just a port scanner!), and once you got something interesting…as other said, HTB is rarely about brute force/cracking, see if you can use the info in another way.
• Root: As always, enumeration is the key, enumerate config files (a simple find command should do, but feel free to run LinEnum or your usual privesc scripts). Read man pages, stay in your terminal as much as you can. You’d need to do a bit of reading if you are not familiar with a certain thing, but the name of one of the user of the box can lead you to the right track

edit: nvm resolved

I’m stuck getting root. found 2 interesting configs and found elevated command current user can run. However I can’t seem to piece together the command correctly. Anyone able to PM to discuss as I might be going down a rabbit hole?

For those stuck at privesc…search a tutorial related to the thing you found on docs.gitlab.com…this helped me a lot!

@fuzzynull said:
I’m stuck getting root. found 2 interesting configs and found elevated command current user can run. However I can’t seem to piece together the command correctly. Anyone able to PM to discuss as I might be going down a rabbit hole?

You’re on the right track. Check all of your options. You syntax might be off, you might be doing it from a directory that’s inaccessible by certain users, or you might be missing some key information that you get from a certain command that you run, which is hinted at in those config files.