• @lordsoahc said:

    @gregX01 said:
    I have identified the technique to access the database and I read database name and a few other things but I am getting the "Something went wrong error". Some to PM me hints on refining my technique to extract more info?

    I think im getting same thing when i try to inject. can someone PM to help limp along?
    every time i try inject on R******r.php page i get "Something went wrong error", any hints how to get past this?

    DM Me

  • Great box. Just rooted. learned something in order to get user. the root flag was easy for me. I already had the knowledge to do it. btw. thanks for the box

  • edited October 2018

    Can someone pm me with hints for the user flag? I don't know how to use s**c*****.

  • Just rooted this little beauty. I've learned many things. Thank you to the creator of the machine!

    PM me if you get stucked. Only specific questions.

  • Just rooted.
    Path to user was pretty frustrating, even though it was so simple.
    Path to root was fun. found it pretty realistic.
    hardest/most annoying part about rooting is figuring out how to get a stable shell

  • Hello guys, i'm stuck on first part.
    Im able to get some usernames and hashes from the database.
    Do i need to crack these hashes with h*****t (Way too long with my computer) or there is another way to get to the other service ?
    any hints ?

  • Hi all, i'm having a lot of 500 errors trying some queries, is this normal? I'm following the track of Nightmare but I'm stuck!! Some advice is welcome... please PM


  • I just have to say, this is one of the greats! So many shellz.


  • This is my second box and it is a serious kick in the nuts. Can anyone PM me some hints?

  • Would greatly appreciate if someone can give me a nudge on how to root (:

  • edited October 2018

    Hi ! Need a little help PM me plz i got a limited shell i dont know how i can go further

    EDIT: Rooted ! Ty @iamr00t for the help ! nice box !
    @ChiefCoolArrow thank you but this was not what i meant. I got a shell as user "i** a*****/n******" and i was struggling to get user but @iamr00t helped me with that. Thanks anyway :)

  • edited October 2018

    @Loss420 said:
    Hi ! Need a little help PM me plz i got a limited shell i dont know how i can go further

    @Loss420 @Daffyspider
    W10 added some cool Linux features recently. Explore what you can do with them.

    If any HTB users have helped you with a challenge or hint please consider giving them +respect on their profile.
    Here is mine is you would like to do so.

  • edited October 2018

    how on earth are you guys getting stable responsive shells?! it on to privesc!

  • I am very new to windows... I have some doubts... Can someone pm me for help..

  • Finally got around to doing this one. Thanks for nudging me to find time today @n8. This was actually a pretty nice box. I had a long night of fun with this one.

    Best hints I can give:
    Don't overthink it!
    Don't assume stuff...check.
    People have already given all the good ones.

    Hack The Box

  • Just rooted this box. Good times, honestly.

    I was really frustrated with the initial foothold. I learned a bunch there, and I could have sworn that I tried what ended up working before and it didn't work, but that's probably on me. I really liked the initial entry to this machine.

    Root was a bit trickier. The solution was simple and there are plenty of hints. The usual actually, enumeration of files and then their contents is key for privesc.

    PM me with any questions.


  • edited October 2018

    << redacted >>

  • @evandrix said:

    @TheInnocent said:
    Rooted. My hints for this box:

    • first part: use one of the most famous hacking techniques for crafting malicious inputs in web-apps
    • second part: use the "new" service to load your shell
    • third part: look around to see what "new feature" has been added to windows systems
    • fourth: use that feature to gain root as you would usually do

    p.s. the cool thing is that you can perform phases 2 and 4 in a variety of ways

    only seems vulnerable to x*s but not s**i

    you won't see it with s***ap


    "I recognize, Mr. Reese, that there's a disparity between how much I know about you and how much you know about me. I know you'll be trying to close that gap as quickly as possible. But I should tell you... I'm a really private person."

  • edited October 2018

    << redacted >>

  • edited October 2018

    Can someone PM me regarding the initial foothold? I understand the nature of the first vuln, but do not understand why it only works a certain way. Also would appreciate some tips in how to enumerate what I can extract from aside from just the credential I've extracted.

    Edit: Learned something new about com***ts, apparently sometimes they require a value.

  • edited November 2018

    I'm currently stuck at privesc.. I know I to use the 'new feature' in W10. Can't figure it out what exactly to use. If someone would like to discuss this, PM me :)

    Hack The Box

  • To anyone currently doing this box, If you're getting a 500 internal server error you DO NOT NEED TO REVERT THE BOX EVERY 2.5 MINUTES.

    Fix the thing youre injecting and then get on with it.

  • edited November 2018

    @lukeasec said:

    @x0xxin said:
    I got root.txt. Has anyone root shelled this box?

    I just manage to get it. Very fun box, root shell not needed but popped for fun. It's probably not the easiest way but some tools were just acting funny against this box - anyone else got it in a nice, clean way? At the moment the way I got root shell it's a two stage process...

    There is at least one tool in the impacket library that can be used to get a shell once you know how to get the flag. The version installed in kali did not work for me. I used the latest release from the git repo:

    The way the tool achieves code execution is also a multi-stage process. Quite interesting to inspect the traffic in wireshark when it does its magic.

    EDIT: the post was probably misleading. You need administrative access to use the tool. This is not the way to get the flag. Once you know how to read the root flag, you will most likely be able to use it.

  • could anyone share a hint on how to use the new feature? i can't figure out how to work my way around the windows file permissions with it.

  • I just gonna hit myself hard in the face for not enumerating this dir. Rooted.

    Hack The Box

  • Just rooted the Box! Its was the best priv esc i've ever experienced! I' loved it! Big thnx to @0xdf for this amazing box!

  • edited November 2018

    I was able to obtain the password hash for t**** from the S**i*****
    I really need help for cracking/ continue from here
    PM me PLZ

    Edit - Got user and root
    Thanks a lot to @sixtonspacefly for some good brain hints

  • can someone give me a nudge regarding priv esc? i'm definitely missing something here

  • edited November 2018

    There are some absolutely terrible "hints" in this thread. There's also some "wow amazing privesc!" comments which make me wonder....

    There is nothing spectacular about this box. User requires some guesses of exactly what's installed on the machine to get a reverse shell... and when you get to privesc, you need not venture far beyond the desktop to figure it out.

    Also, none of the writeups include an actual shell, but once you have creds, impacket can do it for you.

    No brute forcing required. Which is a good thing I think brute is a lazy and wasteful method.

  • edited November 2018

    This box is a lot of fun! I was able to grab hashes from "X" using "Y" and have a question on how to move forward. Do I have to crack using graphics card or is there another way? Feel free to PM. Thank you in advance.

    NM. I know what to look for.

Sign In to comment.