On Hack The Box, the "Red Failure" message appears in two primary contexts:
For this article, we'll focus on the exploitation & flag submission "Red Failure" – the one that means your attack didn't work as expected, even though you thought it would. hackthebox red failure
Red failure often appears when your exploit does something but not the right thing. On Hack The Box, the "Red Failure" message
You likely forgot to check for log files.
Inside Red, after you get the initial shell, there is a log file in /var/log/audit/ that explicitly tells you which commands are not allowed to run as root. If you had simply typed cat /var/log/audit/audit.log, you would have seen the race condition requirement immediately.
Failure: You didn't read the logs. Red logs everything. For this article, we'll focus on the exploitation