Recent Activity

Activity List

  • sHinraTensei changed their profile picture.
    Thumbnail
    6:38AM
  • darktheli changed their profile picture.
    Thumbnail
    5:56AM
  • darktheli and Sidhant joined.
    Welcome Aboard!
    3:41AM
  • BinaryBrian changed their profile picture.
    Thumbnail
    4:07AM
  • iwangxx, kashi, brasky, brapru11, Akl and 38 others joined.
    Welcome Aboard!
    June 25
  • moony8272

    Hey
    Please could you give me some pointers for Jarvis for initial foothold?
    Thanks

    June 25
  • hatex

    Hi, i need hints to get jarvis user, i found phpmyadmin but theres no exploit to get creds and im overthinking all the time, could you help me pls ? thx bro

    June 25
  • SimpleBash changed their profile picture.
    Thumbnail
    June 25
  • moony8272

    Hi
    Totally stuck on Jarvis, please could you give me some pointers for the initial foothold?
    Thanks

    June 25
  • ismailyavuz changed their profile picture.
    Thumbnail
    June 25
  • scottrainville

    Hi there, I saw you were offering help on Onetwoseven and I could use some help.

    I'm attempting the APT exploit for privesc and am metaphorically banging my head on a wall, I wanted to see if I was even attempting the right methodology:

    It seems to me that this is the exploit I must perform: https://justi.cz/security/2019/01/22/apt-rce.html

    However, it only tells me 60% of what I need to know to replicate. I'm trying to do exactly what the article did as a proof-of-concept by installing the package and running MITMproxy to serve a fake redirect pointing APT to my own update file instead of the real .deb file.

    Problem is, I'm having massive difficulty using/learning mitmproxy. I also don't understand how to plant the malicious update package; do I just generate my own .deb file from scratch? Or do I embed something into a .gpg file?

    Do you recommend a different approach? Any resources would be very appreciated. Or am I barely even on the right path?

    Thanks in advance.

    June 25
  • wish

    Hi This is about Luke, I got the db config.php and I tried it using root,derry and chihiro, wit the password found in config.php using curl as curl -d '{"username":"Derry","password":"Zk6heYCyv6ZE9Xcg"}' -H "Content-Type: application/json" -X POST http://10.10.10.137:3000/Login but i am continuously getting Forbidden..any hint here..Thanks

    June 25
  • littledaddy

    Hi,
    I'm in the last stage "Ghoul Machine", I found the zipslip, I made the 2 pivots, root the first machine (172.20.0.10), root the gogs machine (172.18.0.2), I have the aogiri-app.7z, but now I'm tied hands, I searched any credentials in this file, but not success...I found as the application works, I saw that is JAVA, but I have Java in twice machines (10.10.10.101..and 172.20.0.200), in one of those,I have de "kaneki_adm", but how I don't have root, i don't have access, I belive that in this Machine, I could find the root.txt, but now I'm lost. and Yes, I found this credentials:

    server.port=8080
    spring.datasource.url=jdbc:mysql://172.18.0.1:3306/db
    spring.datasource.username=kaneki
    spring.datasource.password=jT7Hr$.[nF.)c)4C

    But, i can,t get to access.. :( , I imported in the git but I have the same results, I tried to use this credential as a "kaneki_adm".."root"..and nothing .. :9 ...

    Do you have any idea or any sugest to me?

    Thank you sooo much

    June 25
  • cptUP

    hi, i'm stuck with the user on lacasadepapel.
    I get access to https site and using path traversal i can see where is the user.txt but until now i didn't find any creds... and i can't get the user flag... There is something i can't see... right? any hint?

    June 25
  • glatisant changed their profile picture.
    Thumbnail
    June 25
  • hackermofrom changed their profile picture.
    Thumbnail
    June 25
  • @Trinitro: Are you sure it's lfi?

    @Nameunknown: See my hint I posted on the thread.

    June 25
  • nameunknown

    Hey mate is the high port a dead end? I can't shake the ban, tried fuzzing anyway but found nothing, fuzzed the main site with 5 wordlists and also found nothing, no critical unauth vulns from what I can see, any hints?

    June 25
  • Trinitro

    Hi D4nch3n,

    cannot get nay foothold. Found phpmyadmin adn the ban site. Tried some lfi but all tries failed.
    Can you help me a bit further?

    Thanks

    Grt,

    Trinitro

    June 25
  • fuser

    how did you solve the third layer? I am stuck on cracking zip file, I tried rockyou.txt but no luck. please help

    June 25
  • raadrobot, ambalabanov, east, bad3r, buffalored and 31 others joined.
    Welcome Aboard!
    June 24
  • mordecai changed their profile picture.
    Thumbnail
    June 25
  • Tdzone

    any help for get user.txt i am www-data now I know the user pepper but i can't read user.txt i try simpler.py file for read but again premssion denied just give me a hint ?

    June 24
  • Trinitro

    Hi Seepkoa,

    can you give me a nudge for the user part (of jarvis)?

    Thank you

    June 24
  • Trinitro

    Hi wisd,

    can you give me a hint about getting user?
    it's LFI on phpmyadmin I guess, but all possibilities I know are done....

    TIA.

    Grtz,

    Trinitro

    June 24
  • EnDeRuCn

    hi, may i ask u how u decrypted that base64 encoded value?

    June 24
  • AFK ... work and real life has gotten in the way of HTB. As a result I not be on the site much and that means all responses to questions will be significantly delayed, just be aware and I will respond to questions whenever I get a chance.

    June 24
  • I am off of HTB for a while to focus on other project (eg hardware hacking :-D ) and don't expect to be back until at least December 2019.

    June 24
  • jmfrouin

    Hi,
    I contact you for some help on "WriteUp" box.
    I find a md5 hash and the seed but cannot reverse it :(
    I don' tknow if this is the correct way ?
    62def4866937f08cc13bab43bb14e6f7 / 5a599ef579066807
    Am I in correct direction ?
    I didn't understand the "TIME" problem, my python script works fine.
    Thanks for the time you allow to help me :)
    Regards

    June 24
  • docLuis

    Hey, I saw you managed to root LaCasaDePapel!

    I have an ssh shell and know I need to edit the cronjob "root" (right?). I tried all kinds of ways to append my commands to the cronjob, but can't get it to work. Can you please give me a small hint?

    Thanks!

    June 24

Howdy, Stranger!

Click here to create an account.