Recent Activity

krawn0t, sukhrajbrar, cristleo, Q29kZXIxOQ, bagginfrodo and 45 others joined.

Welcome Aboard!

January 22
squid22 → qwas2zx9

Can you help me with user? and the code injection on the exec()...
devops is not one of my strongest skills... (this kills me)
What I am doing is getting a python one liner shellcode, then url encoding it and and passing it to the server. These are the steps I am doing:

1) using: https://gist.github.com/lucasgates/0c6330c582d0ccf52fad129d5e7e9de7
without the python -c part
2) url encoding the reverse shell and replacing ; and spaces with %3b and %20 respectivetly before URL encoding
3) passing the reverse shell as follows:
curl -i -L http://10.10.10.168:8080/"""url_encoded_python_revsershell"""

Keeps failing buddy.

January 22
squid22 → passeds30

devops is not one of my strongest skills... (this kills me) ... can you help me figure this out?
What I am doing is getting a python one liner shellcode, then url encoding it and and passing it to the server. These are the steps I am doing:

1) using: https://gist.github.com/lucasgates/0c6330c582d0ccf52fad129d5e7e9de7
without the python -c part
2) url encoding the reverse shell and replacing ; and spaces with %3b and %20 respectivetly before URL encoding
3) passing the reverse shell as follows:
curl -i -L http://10.10.10.168:8080/"""url_encoded_python_revsershell"""

Keeps failing buddy.

January 22
Roqui800 → bertalting

Hi
Can you please give a nudge on openadmin box? It is my first box and i am not sure about what exactly i have to do. I find all the websites but i don't found nothing interesting.

January 22
SpiffyLich → albertojoser

Which groups do I care about? I'm super duper new to windows-hacking, and there's a lot that feels like its going right over my head

my best guess right now is for "NT AUTHORITY\NTLM", since there's an article about it. Unfortunately, exploits that I've found straight up don't seem to work. There's at least one metasploit module out for it that requires SESSION, but I can't get any session info from the box as ryan.

I've never been this stuck before. Jeez I feel like a 4 year old.

January 22
skunk

Please consider giving respect if I helped you :-)

January 22
IK1979 → fashark

Hi trying to get user for JSON box. I have managed to gain access via admin. ihave the OAUTH2 code. i cant seem to get the user access using ysoserial or mkpsrevshell.py
Any hints or tips please.
Thanks,

January 22
Str0ng3erG3ek changed their profile picture.

January 22
hemang → Uglymike

Hi, this one is regarding Json. I got URL and able to login with admin/admin. first time using json. can you please through some hint on from where to start. also know that sb admin 2 version 4.0.4 of bootstrap is there.

January 22
4an7o → BlackCYCLOPS
Hi, I would suggest doing Direct Message instead posting on the public board.

Based on your description, you are not understanding what you have.
1. Is it password of j*****a?
2. How the GTFObin works in this box? Why it tries to escape nano?
Hope the questions help you.
January 22
Rayngjx → Z1LV3R

Hey so I have managed to solved it to 72 84 66 123 77 48 78 107 115 95 107 78 51 119 33 125 , did some number cipher and got UGOT0WADLRDA0PHV and then ROT13 to "HTBG0JNQYEQN0CUI". Seemed like a promising flag but it isnt. Do you have any hints?

January 22
D4rkn3S → xolan

hello, i need some nudges on json.htb if you can.. i have there meterpreter shell, also found encrypted privileged user password, i decrypt it but when try to run with runas or psexec another payload, my meterpreter shell is down. also try to run netcat connection but not work.. can you give some nudges? thanks..

January 22
marvin7408 → t0wb0at

Hello,
I am working on the OpenAdminBox. I have the exploit working for OpenAdmin 18.1.1. I have a restricted reverse shell. I used the command "last" to see the last login. I see 2 users Jimmy and Joanna. I search the file system to find password or password hashes. I can't anything useful. Do you have a tip what I need to look for?
Thx.

January 22
goodgoodstudy → tang0

Hello, I'm contacting the control machine. I've got users. I'm having problems with them. I found the consolehost_history.txt file, and I can also write something in "currentcontrolset \ services \ test". But that's all. Google didn't harvest it. Root needs to prompt!

January 22
squid22 → AlexLTN

Hi AlexLTN, I was able to use wfuzz and found the hidden directory "develop". I was able to download the source code and I noticed that part with cwd and os.path... I been trying to do some LFI, RFI or something like that ... I have tried a few variations but got nothing... Can you help me figure this part out?

January 22
squid22 → Expanding

Hi expanding, I was able to use wfuzz and found the hidden directory "develop". I was able to download the source code and I noticed that part with cwd and os.path... I been trying to do some LFI, RFI or something like that ... I have tried a few variations but got nothing... Can you help me figure this part out?

January 22
squid22 → steel448

hey steel448, I am I was able to use wfuzz and found the hidden directory "develop". I was able to download the source code and I noticed that part with cwd and os.path... I been trying to do some LFI, RFI or something like that ... I have tried a few variations but got nothing... Can you help me figure this part out?

January 22
FibonacciBear changed their profile picture.

January 22
Kyushu → VamSee

hi，Did you solve the SSH problem？about，postman（Matt）

January 22
whitecrow, LSnake, spike66, avekiszka, fadhilthomas and 38 others joined.

Welcome Aboard!

January 21
alez → yeezybusta

Hello,

any nudge on foothold? Im unable to run full dir scan, always getting disconnections. Been able to find /vendor/symfony (with dirs int, process, filesystem, polyfill-ctype). Found some changelogs there that im not sure if they are relevant.

Found /vendor/gears/pdf too, that is the phpgearbox, but not changelogs here.

been trying to xxe the docx with blind method but im unable to connect back. I've been trying to trigger the pdfbox too (which seem obsolete and vulnerable) but did not found a way.

also im trying to figure out how is the conversion process, we upload the file, then the php does some unzip, looks for the main document in word/document.xml, then it calls libreoffice for conversion? but when it calls pdfbox or anything else (unoconv or anything else, that i can figure is the real thing that have to be exploited)?

thanks

January 21
SpiffyLich → DaDamnMayne

on the Resolute box, I got user "melanie" and the user-flag.

A lot of people are mentioning a user-2, and I'm 99% certain I know who it is. My question here is, should I try and get r*** credentials / login, or can I go straight for root once I have melanie?

thanks!

January 21
FDS → bertalting

Hi
Can you please give a nudge on openadmin box. I am on the www-data user and have looked at the files in var/www/ona but i find nothing interesting

January 21
nuxmorpheus01 → dnperfors

Never mind, just rooted.

Thanks anyway.

January 21
Ja4V8s28Ck → PAUL007

Have you finished FOREST??
bcoz i am willing to try to it , as it's a windows machine

January 21
nuxmorpheus01 → dnperfors

Hi man.

Could you help me with traverxec please?

I am stuck on root and I think I has an idea on what to do but resizing the terminal is not working for me . You told you use other way. May you tell me what way was that?

Thanks in advance.

January 21
unethicalnoob changed their profile picture.

January 21
atr0pos changed their profile picture.

January 21
darklink701 → Eelz

Hello, I started HTB a couple days ago. Since then I've been spending my time trying to get into OpenAdmin. I think I understand what i need to do later on, in terms of script execution, but the problem I'm having right now is getting access to an initial, low level shell. Could you point me in the right direction? Much appreciation.

January 21
wxadvisor changed their profile picture.

January 21

Howdy, Stranger!

Click here to create an account.

Recent Activity

Activity List

Howdy, Stranger!