Carrier

1121315171828

Comments

  • got root thanks to the tremendous help of @jkr

  • edited November 2018

    I got RCE and spent the past 24 hrs hammering away at this with all my network-fu , I thought I had the plumbing all sorted out but I'm starting to think that is not the way to go on this . I'm trying not to be disruptive so have been very subtle with "engineering" as if this was a production environment , can someone PM me / give me a nudge to confirm that a more aggressive approach is the right way to 'hijack' the root flag on this box ?

    Hack The Box

  • Have been stuck on priv-esc for so long. I had quite some days of researching. I believe I have a correct map of the environment, have some traffic in my hand, but this type of challenge is still very new to me. Some help would be greatly appreciated.

  • Got the root :)

  • Got root. Thanks to the dudes who helped me out there. Great box

    If at first you don't succeed, google the error message

  • @blueorchid said:
    Have been stuck on priv-esc for so long. I had quite some days of researching. I believe I have a correct map of the environment, have some traffic in my hand, but this type of challenge is still very new to me. Some help would be greatly appreciated.

    Which part are you struggling with? Feel free to PM me.

  • edited November 2018

    Got Root , twice actually because my VM crashed as I was pasting to claim owning system. Thanks to @s4m3sh for confirming my suspicion , I still did it subtly though :wink:

    The box is not hard , doesn't need a network expert but does require some understanding of networking concepts. It is a fun setup however I have strong doubts that this would work in a production environment.

    I would recommend that people attempting this box take the opportunity to learn how and why it works instead of just rushing it as even thought the networking part wasn't too hard for me , I still learnt to use quite a few tools in ways I hadn't tried before.

    Hack The Box

  • Hey can anyone give a hint as how to grab the initial foothold ..... i did enumerate the so called UDP port and used various scripts ..... all i know is that pu**** exists and found and OID with value which looks likes a password to me ...... what do to now ... tried every possible combination on the main web page..... but no use !!! Anyone here that can help me ???? :/

  • @Puru said:
    Hey can anyone give a hint as how to grab the initial foothold ..... i did enumerate the so called UDP port and used various scripts ..... all i know is that pu**** exists and found and OID with value which looks likes a password to me ...... what do to now ... tried every possible combination on the main web page..... but no use !!! Anyone here that can help me ???? :/

    Try to enumerate more the service you're trying to log in to, see if you can find the information you need elsewhere. It will be quite clear.

    bianca

  • edited November 2018

    guys,

    I tried to enumerated that port I6I with all tools available (snmpwn,snmenum, etc).

    but I got blank result, I tried v1 and v3 . still no result, any hint or help would be appreciated!
    btw im really newbie, just joined a week ago.

    xterm

  • @xterm said:

    guys,

    I tried to enumerated that port I6I with all tools available (snmpwn,snmenum, etc).

    but I got blank result, I tried v1 and v3 . still no result, any hint or help would be appreciated!
    btw im really newbie, just joined a week ago.

    try standart linux commands on relevant service to get an output

    kamilonurz

  • Simlar spot as people above - enumerated the port and found an interesting number looking like a password. But no username is working.. Any tips are helpful! :)

  • Can anyone help me with the "check" command? I cannot get any other simple commands to work so am clearly missing something. I have checked the source code of the page and can see the encoding. I am encoding simple commands and using them in place of the hardcoded value. Nothing is displayed? What am I missing? help please!

  • edited November 2018

    Hi,

    stuck at privesc. Got SYN but don't know how to relay packets. Also wondering why I am getting packets from eth1 and eth2. Do I need to setup a service for that port and assign both IFs this IP? Need a hint.

    Thank you in advance,
    mrothenbuecher

  • edited November 2018

    I can't seem to find root.txt but there is user.txt in /root instead. Also there is no user.txt under the user's directory:

    # pwd
    /root
    # ls user.txt
    user.txt
    # ls root.txt
    ls: cannot access 'root.txt': No such file or directory
    # id
    uid=0(root) gid=0(root) groups=0(root)
    

    Am I missing something?

  • Never mind, I think I know what's going on ... ;)

  • Im trying to login to the webpage xD. I tried with user ad**n and all the possible combination of 7765*********8 but cant login... can you give me an hint?

    Hack The Box

  • @Shocke said:
    Im trying to login to the webpage xD. I tried with user ad**n and all the possible combination of 7765*********8 but cant login... can you give me an hint?

    Go back to the basics. Scan all ports, both TCP & UDP

  • Stuck at privEsc part and I feel lost, who can lead me to some clue?

    kamilonurz

  • Just in case anyone struggling to get that initial rev-shell and only gets a non-interactive/non-responsive shell (literally no output to any of the commands), maybe the 'door' used by the connection to come back is too small and secured.

  • Hi, I'm new, I'm on the web but I do not know how to continue. someone could give me a hand.

  • please, can you PM me as i stuck the same!

  • cbxcbx
    edited December 2018

    I've got root access first machine... got a t****t connection with z***a, am I going the right direction? Dont know what to do for the next move...

    edit: answer is no.

  • I need help, can't get the reverse shell via the RFE as everytime I change the parameter I get no output... help me please!

  • edited December 2018

    I' m confused, got root shell but root.txt is nowhere to be found?

  • Hello,
    I have got user and rev shell. Stuck on PE.
    Know that I need to use B** H*****ing. However, I do not know how to do it. Kindly ask you about a hint.

  • @Ac1d0 said:
    I need help, can't get the reverse shell via the RFE as everytime I change the parameter I get no output... help me please!

    Hello,
    Someone has posted a link with different rev shells. Did you try one of them?
    PM me with your code.

  • Is it possible to escalate without interactive shell?

Sign In to comment.