[iam_with_you11]

video write up https://www.youtube.com/watch?v=pQtAk9OeC0k

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[hieule89]

I faced the issue with "mc alias set myminio http://prd23-s3-backend.skyfall.htb 5GrE1B2YGGyZzNHZaIww GkpjkmiVmpFuL2d3oRx0"

How can I use mc in just command line, not GUI

[xa6]

I faced the issue with "mc alias set myminio http://prd23-s3-backend.skyfall.htb 5GrE1B2YGGyZzNHZaIww GkpjkmiVmpFuL2d3oRx0"

How can I use mc in just command line, not GUI

u are using midnight commander not minio...

./mc cp myminio/askyy/home_backup.tar.gz
./mc not mc

---

give assky password

token for login
hvs.CAESIJlU9JMYEhOPYv4igdhm9PnZDrabYTobQ4Ymnlq1qYLGh4KHGh2cy43OVRNMnZhakZDRlZGdGVzN09xYkxTQVE

---

any ideas for root flag? I'm searching but no luck

For the root flag,

Dig master token according to the sudo -l (Hint: debug mode)
and generate OTP just like user OTP with vault.

There you go...

You can DM me for certain points.
Good luck!

intended path to root is:

create a symbolic link from debug.log to /etc/update-motd.d/00-header , create a .yml file and write a command ;command; in the vault_nodes field and finally log in to ssh as askyy and run the command from 00-header

---

also, ctrlzero mentioned that the unintended paths will be patched today

[hcker01]

I faced the issue with "mc alias set myminio http://prd23-s3-backend.skyfall.htb 5GrE1B2YGGyZzNHZaIww GkpjkmiVmpFuL2d3oRx0"

How can I use mc in just command line, not GUI

u are using midnight commander not minio...

./mc cp myminio/askyy/home_backup.tar.gz
./mc not mc

---

give assky password

token for login
hvs.CAESIJlU9JMYEhOPYv4igdhm9PnZDrabYTobQ4Ymnlq1qYLGh4KHGh2cy43OVRNMnZhakZDRlZGdGVzN09xYkxTQVE

---

any ideas for root flag? I'm searching but no luck

For the root flag,

Dig master token according to the sudo -l (Hint: debug mode)
and generate OTP just like user OTP with vault.

There you go...

You can DM me for certain points.
Good luck!

intended path to root is:

create a symbolic link from debug.log to /etc/update-motd.d/00-header , create a .yml file and write a command ;command; in the vault_nodes field and finally log in to ssh as askyy and run the command from 00-header

---

also, ctrlzero mentioned that the unintended paths will be patched today

where should the yaml file be located and how would the command in the yaml be executed if we execute /etc/update-motd.d/00-header

[hcker01]

I faced the issue with "mc alias set myminio http://prd23-s3-backend.skyfall.htb 5GrE1B2YGGyZzNHZaIww GkpjkmiVmpFuL2d3oRx0"

How can I use mc in just command line, not GUI

u are using midnight commander not minio...

./mc cp myminio/askyy/home_backup.tar.gz
./mc not mc

---

give assky password

token for login
hvs.CAESIJlU9JMYEhOPYv4igdhm9PnZDrabYTobQ4Ymnlq1qYLGh4KHGh2cy43OVRNMnZhakZDRlZGdGVzN09xYkxTQVE

---

any ideas for root flag? I'm searching but no luck

For the root flag,

Dig master token according to the sudo -l (Hint: debug mode)
and generate OTP just like user OTP with vault.

There you go...

You can DM me for certain points.
Good luck!

intended path to root is:

create a symbolic link from debug.log to /etc/update-motd.d/00-header , create a .yml file and write a command ;command; in the vault_nodes field and finally log in to ssh as askyy and run the command from 00-header

---

also, ctrlzero mentioned that the unintended paths will be patched today

where should the yaml file be located and how would the command in the yaml be executed if we execute /etc/update-motd.d/00-header

yes pwned i did in a different way you should search for symlink race condition
https://hackmd.io/@bachtam2001/BkZkudoLq

[terminaluzer1]

still trying to root it anyone help?

I faced the issue with "mc alias set myminio http://prd23-s3-backend.skyfall.htb 5GrE1B2YGGyZzNHZaIww GkpjkmiVmpFuL2d3oRx0"

How can I use mc in just command line, not GUI

u are using midnight commander not minio...

./mc cp myminio/askyy/home_backup.tar.gz
./mc not mc

---

give assky password

token for login
hvs.CAESIJlU9JMYEhOPYv4igdhm9PnZDrabYTobQ4Ymnlq1qYLGh4KHGh2cy43OVRNMnZhakZDRlZGdGVzN09xYkxTQVE

---

any ideas for root flag? I'm searching but no luck

For the root flag,

Dig master token according to the sudo -l (Hint: debug mode)
and generate OTP just like user OTP with vault.

There you go...

You can DM me for certain points.
Good luck!

intended path to root is:

create a symbolic link from debug.log to /etc/update-motd.d/00-header , create a .yml file and write a command ;command; in the vault_nodes field and finally log in to ssh as askyy and run the command from 00-header

---

also, ctrlzero mentioned that the unintended paths will be patched today

where should the yaml file be located and how would the command in the yaml be executed if we execute /etc/update-motd.d/00-header

yes pwned i did in a different way you should search for symlink race condition
https://hackmd.io/@bachtam2001/BkZkudoLq

[game95]

I faced the issue with "mc alias set myminio http://prd23-s3-backend.skyfall.htb 5GrE1B2YGGyZzNHZaIww GkpjkmiVmpFuL2d3oRx0"

How can I use mc in just command line, not GUI

u are using midnight commander not minio...

./mc cp myminio/askyy/home_backup.tar.gz
./mc not mc

---

give assky password

token for login
hvs.CAESIJlU9JMYEhOPYv4igdhm9PnZDrabYTobQ4Ymnlq1qYLGh4KHGh2cy43OVRNMnZhakZDRlZGdGVzN09xYkxTQVE

---

any ideas for root flag? I'm searching but no luck

For the root flag,

Dig master token according to the sudo -l (Hint: debug mode)
and generate OTP just like user OTP with vault.

There you go...

You can DM me for certain points.
Good luck!

intended path to root is:

create a symbolic link from debug.log to /etc/update-motd.d/00-header , create a .yml file and write a command ;command; in the vault_nodes field and finally log in to ssh as askyy and run the command from 00-header

---

also, ctrlzero mentioned that the unintended paths will be patched today

where should the yaml file be located and how would the command in the yaml be executed if we execute /etc/update-motd.d/00-header

yes pwned i did in a different way you should search for symlink race condition
https://hackmd.io/@bachtam2001/BkZkudoLq

Can you help me to get a root?

[toshy]

Guys I think they just fixed some vulns on the box.


I need ROOT access.
But the command creates the log file with root permissions.
In case I create the file before I run the command, and set it's rights with chmod it's not working. Maybe it's deleting it before it writes the debug informations.
In case I try to append the new log file location at the end fo the command It's asking for askyy's password. Which isn't working because it's OTP. I think it's becuse did not match with the exact command from the sudo config.

There are some sites which leaching the master token, guess it. It's not working! I think they changed it.

HELP!

[SpiritWolf]

Hello.
Did anyone get root after all the patches? Seems like symlink race is not the way, but I don't understand the intended way, can anyone provide hints?

[SpiritWolf]

Anyone? Noone at all?