Frolic

189111314

Comments

  • Hey, found PlS and user/password creds on the http port, but lost on what to do from here...any help is really welcome!

  • rzkrzk
    edited January 2019

    I'm just too stupid.
    I have access to the A**** Panel and also have created an S*****. I've tried everything on Tri***** and Ite**. But I don't get it executed.
    Please PM so that I can make the first step towards user

    Edit: Wrong Forum sorry ! :(

  • Just wanted to say a big thank you to @sahay for this box. I actually quite enjoyed the initial "challenge" and got through it really quickly, but then got stuck for a few hours due to not checking my dirb output carefully enough. Doh! Mental note made for the future!!! :) After getting user I had an idea what I needed to do, but having never done anything like it before I needed to do some research. Thanks to everyone who mentioned the video for a previous box. I watched that super carefully, did a bit of work and then Boom! Rooted! :D From reading some of the other comments here I'm pretty sure people are going to read what I'm going to say next and think "WTF has she been smoking" lol but I loved this box, I think it's been my favourite so far :open_mouth: Great little root challenge and a nice little intro to BOF. Definitely learnt a few things from it.

  • Stuck at the ?.! message. PM me please !
    Thanks in advance

  • Rooted thanks @dionero for the hint provided in the comments. Its enough for privesc of frolic

    OSCP

  • Any hints for root reverse shell ? I already got root.txt

  • How can you get root.txt without having a shell?

    Enjoyed this box. Well not the user part but root was a good recap for some BOF.

    Last time I did a good BOF was Calamity which was a lot harder than this one but just shows if you dont use it you lose it.

    Was good learning how to obtain address without a certain program. Thanks to IPPSEC for that.

    If you're stuck: Get it working exactly the same way on your host as you intend to on Frolic, that includes your method for getting addresses.

  • Hello guys I'm trap in this box I found that password I dont know if is a rabbit hole like the login on 1880/red but I don't find where to login whit that pass I enumerate a lot in directory and subdirectory but nothing I try on s......t but nothing, I don't know any hint should be appreciated please give me PM THANKS

  • Guys please can someone PM I'm trap with this long code I dont find the way to decrypt, even I dont know what it is can some please give me a hint were to decode.

  • HI, I'm stucking on frolic priv esc path.the one problem for me is Gdb is not here. Can you give me some help and tips about this machine, brothers?

  • good idea google: http://cipherfrolics.com/ thanks for that hint

    peek

  • Hello guys Im trying to get root with b....o....the script is like in O....R IPPSEC, I have the system,exit,and bash I run the code but nothing is happening.... I dont know where is the issue I can not figure out.... I I'll really appreciate a message in PM
    Thank you in advance

  • got root, nice box for training some skills. ( gef plugin helps a bit)

    peek

  • edited February 2019

    HI, I got some pwds and user for the pl***** page but it's not working. I reset the box and also tried multiple users but still not getting in. Could someone please PM me to validate correct user?

    EDIT: so I tested the access using msfconsole and it worked, so could someone please confirm if the webaccess to Pl***** should work or not? Thanks.

    PP

  • edited February 2019

    Really Close: I think I need that final nudge. I copied the binary to my Kali 32 bit, followed the instructions on that IPPSEC video. Crafted the exploit with the system address, a random exit address and the /bin/sh address in libc. Ran it on my Kali and it spawned a shell. Exited out of that shell and got segmentation fault which is expected as I used a random exit address. So basically to me, everything is working. Now I copy my python exploit to Frolic and when I run it, it does not spawn a shell and crashes with "Segmentation fault (core dumped)". What am I missing? I know I am really really close :( Please help.

  • Type your comment> @sportsfreak said:

    Really Close: I think I need that final nudge. I copied the binary to my Kali 32 bit, followed the instructions on that IPPSEC video. Crafted the exploit with the system address, a random exit address and the /bin/sh address in libc. Ran it on my Kali and it spawned a shell. Exited out of that shell and got segmentation fault which is expected as I used a random exit address. So basically to me, everything is working. Now I copy my python exploit to Frolic and when I run it, it does not spawn a shell and crashes with "Segmentation fault (core dumped)". What am I missing? I know I am really really close :( Please help.

    I directly followed ippsecs video and got a shell in first try. Can you me which video you watched?

  • @D4n1aLLL Got root just now. Missed the offset part. Did not watch the video all the way till the end. Big thanks to @humurabbi for asking me to watch the entire video.

  • Anybody know why this machine is so unstable ? every 5 minutes everything stops responding. Can't progress efficiently on that machine because of that.. :/

    OSCP, OSWP, GCIH, CEH, Security+, VHL Advanced+

    https://www.phrozen.io/

    Hack The Box

  • edited February 2019

    Oh My God . It was so sucks. I find id*****s . I waste more time on Node-red . But I finally find pla***s on something else. now I can't login. I try all I found the users and passwords.
    need hint. Please PM me. thanks.

    edit: login success.

  • misc challenge is very helpful for this machine.and I complete all misc challenge. so I quickly found cert. But I waste more time to find pl****s.I did a subdirectory scan。but I
    Stupidly append path to subdirectory and I got 404. my god. I know I am in finally step to get user.but why I can't login. ummmmmmmmm. Please PM me .

  • edited February 2019

    Can anyone help me with getting user? I have creds I just don't know what to do with them.
    Edit: I got user and root.

    If someone else that got root would tell me their approach, I'd be interested.

  • Rooted!!! Interesting challenge, lot of learning from this box. If you need some hint to do this please PM me. Im glad to help as anyone that help me to solve it.

  • edited February 2019

    Got user

  • Whenever I try to u*p the file, it says "its not a archive. I have taken the base64 code and converted it to hex. After which I created a z file using vi hex mode and pasted the hex code obtained.

    But its not working, can someone help? What am i doing wrong?

  • So I figured out what to do with the second weird strings and got a new one now.. ughh stuck on this point. PM me please I need help :(

  • Type your comment> @positivevibes said:

    So I figured out what to do with the second weird strings and got a new one now..

    Got me beat, I am still stuck on the second weird string! Could use some advice where to look to figure that one out,please!

  • need help in prevesc

  • someone can helpme?
    i have one passw or i think this, but no have usr.
    and no have more ideas.

  • Rooted! Very fun BOF exercise at the end too. Finally learned the basics of ROP haha. I'm really conflicted about this box since I didn't enjoy the process to get user at all... but privesc was incredibly fun!

    berninator
    Out of practice OSCP

  • ok, decoded a bunch of strings to get an index file. But it wont open when I use Cyberchef, and the z.i.p says it has a password when I use another decoder// Very frustrating first box for me. Are all of them like this one?

Sign In to comment.