Recent Activity
Activity List
-
-
-
-
-
-
Hey
Please could you give me some pointers for Jarvis for initial foothold?
ThanksJune 25 -
Hi, i need hints to get jarvis user, i found phpmyadmin but theres no exploit to get creds and im overthinking all the time, could you help me pls ? thx bro
June 25 -
-
Hi
Totally stuck on Jarvis, please could you give me some pointers for the initial foothold?
ThanksJune 25 -
-
Hi there, I saw you were offering help on Onetwoseven and I could use some help.
I'm attempting the APT exploit for privesc and am metaphorically banging my head on a wall, I wanted to see if I was even attempting the right methodology:
It seems to me that this is the exploit I must perform: https://justi.cz/security/2019/01/22/apt-rce.html
However, it only tells me 60% of what I need to know to replicate. I'm trying to do exactly what the article did as a proof-of-concept by installing the package and running MITMproxy to serve a fake redirect pointing APT to my own update file instead of the real .deb file.
Problem is, I'm having massive difficulty using/learning mitmproxy. I also don't understand how to plant the malicious update package; do I just generate my own .deb file from scratch? Or do I embed something into a .gpg file?
Do you recommend a different approach? Any resources would be very appreciated. Or am I barely even on the right path?
Thanks in advance.
June 25 -
Hi This is about Luke, I got the db config.php and I tried it using root,derry and chihiro, wit the password found in config.php using curl as curl -d '{"username":"Derry","password":"Zk6heYCyv6ZE9Xcg"}' -H "Content-Type: application/json" -X POST http://10.10.10.137:3000/Login but i am continuously getting Forbidden..any hint here..Thanks
June 25 -
Hi,
I'm in the last stage "Ghoul Machine", I found the zipslip, I made the 2 pivots, root the first machine (172.20.0.10), root the gogs machine (172.18.0.2), I have the aogiri-app.7z, but now I'm tied hands, I searched any credentials in this file, but not success...I found as the application works, I saw that is JAVA, but I have Java in twice machines (10.10.10.101..and 172.20.0.200), in one of those,I have de "kaneki_adm", but how I don't have root, i don't have access, I belive that in this Machine, I could find the root.txt, but now I'm lost. and Yes, I found this credentials:server.port=8080
spring.datasource.url=jdbc:mysql://172.18.0.1:3306/db
spring.datasource.username=kaneki
spring.datasource.password=jT7Hr$.[nF.)c)4CBut, i can,t get to access..
, I imported in the git but I have the same results, I tried to use this credential as a "kaneki_adm".."root"..and nothing .. :9 ...Do you have any idea or any sugest to me?
Thank you sooo much
June 25 -
hi, i'm stuck with the user on lacasadepapel.
I get access to https site and using path traversal i can see where is the user.txt but until now i didn't find any creds... and i can't get the user flag... There is something i can't see... right? any hint?June 25 -
-
-
-
Hey mate is the high port a dead end? I can't shake the ban, tried fuzzing anyway but found nothing, fuzzed the main site with 5 wordlists and also found nothing, no critical unauth vulns from what I can see, any hints?
June 25 -
Hi D4nch3n,
cannot get nay foothold. Found phpmyadmin adn the ban site. Tried some lfi but all tries failed.
Can you help me a bit further?Thanks
Grt,
Trinitro
June 25 -
how did you solve the third layer? I am stuck on cracking zip file, I tried rockyou.txt but no luck. please help
June 25 -
-
-
any help for get user.txt i am www-data now I know the user pepper but i can't read user.txt i try simpler.py file for read but again premssion denied just give me a hint ?
June 24 -
Hi Seepkoa,
can you give me a nudge for the user part (of jarvis)?
Thank you
June 24 -
Hi wisd,
can you give me a hint about getting user?
it's LFI on phpmyadmin I guess, but all possibilities I know are done....TIA.
Grtz,
Trinitro
June 24 -
-
AFK ... work and real life has gotten in the way of HTB. As a result I not be on the site much and that means all responses to questions will be significantly delayed, just be aware and I will respond to questions whenever I get a chance.
June 24 -
I am off of HTB for a while to focus on other project (eg hardware hacking :-D ) and don't expect to be back until at least December 2019.
June 24 -
Hi,
I contact you for some help on "WriteUp" box.
I find a md5 hash and the seed but cannot reverse it
I don' tknow if this is the correct way ?
62def4866937f08cc13bab43bb14e6f7 / 5a599ef579066807
Am I in correct direction ?
I didn't understand the "TIME" problem, my python script works fine.
Thanks for the time you allow to help me
RegardsJune 24 -
Hey, I saw you managed to root LaCasaDePapel!
I have an ssh shell and know I need to edit the cronjob "root" (right?). I tried all kinds of ways to append my commands to the cronjob, but can't get it to work. Can you please give me a small hint?
Thanks!
June 24
