Frolic

189101113

Comments

  • edited March 2019

    Rooted ...I didnt like the user part :-1:

    Hack The Box

  • Just got root, liked this box a lot even if initial foothold isn't realistic in the slightest. PM for hints if you need help.

  • got user, but root is going to be tough since r** is not helping me much.

    Can i get a nudge please?

    sentry

  • Type your comment> @sentry said:

    got user, but root is going to be tough since r** is not helping me much.

    Can i get a nudge please?

    ippsec October

    Hack The Box

  • Type your comment> @deviate said:

    @SilkySparrow said:
    Im stuck on the /asdiS********* code, i decoded it and it gave me a bunch of random characters and index.php twic ,i read it is something with magic numbers but i dont figure out what to do next

    if you decode it and save the output to a file, what type of file is it?

    I know what kind of file it is, but i can't get it to open in the file manager for that type of file. any tips?

  • This box totally sucks apart from its priv esc which I learned a lot from. PM me for nudges if you get stuck, although everything you need is already in this thread.

  • Type your comment> @sillydaddy said:

    Type your comment> @sentry said:

    got user, but root is going to be tough since r** is not helping me much.

    Can i get a nudge please?

    ippsec October

    Got it , Thanks

    sentry

  • Cracked the ...? .. Need help with second code, tried everything but no luck, someone please help

  • Type your comment> @SilentMe said:

    Cracked the ...? .. Need help with second code, tried everything but no luck, someone please help

    Its the encoding we always crack but its not in text when you crack it... just check how we decode "that specific" string to a file, maybe?

  • Thanks that was helpful

  • I'm struggling with pl****s admin page. I can't use any non-MSF exploit. How can I get a RCE from there? Can someone PM me please?

  • Despite a reset, it seems pl****s service is down

  • now it's up

  • Hi , i find the idk**** passowrd but i can't find the webpage that i can login , any help?????

  • Type your comment> @wail99 said:

    Hi , i find the idk**** passowrd but i can't find the webpage that i can login , any help?????

    bust the dirs and subdirs...

    I Love Ice Creams

  • edited March 2019

    Hi all, I have used our orange friends language and decoded the trinary gobbledy gook from which I got nothing to understand except that part was decoded correctly. Building on that base with my favourite chef got me a bakers dozen bytes which won't expand. Is that bakers dozen due to a lack of yeast? Do I have the wrong recipe? If you can understand me then perhaps you can help me with the right recipe. Much appreciated.

    Edit: @clmtn Gave me a good ingredient to try. Managed to continue on cooking. Respect given.

  • Hi Guys,

    Need a little nudge in escalation. So I am not very good with bf.. however taking some hints from folks here.. I have copied the rp file and tried to exploit in my machine. I am able to get sy**em add and shll address. Using these two I am able to escalated privileges in my Ubuntu box.. however when I am trying this on target box.. it gives s********on errr.

    Please let me know if I can pm anyone..

    Appreciate your help.

  • Nevermind! rooted it! good machine to learn new stuff :)

  • Got user flag now looking to escalate out of www. I am pretty sure I found a binary target . I have an idea on what I think I need to do but never really done it before. Could someone please DM with some help/advice?

  • Type your comment> @kekra said:

    @l30n said:
    Yeah someone told me you can do everything on the machine as a www-data user? Can anyone verify that?

    Yes - no escalation to another user required for rooting the box!

    To everybody struggling with priv esc: I'd recommend again to search for videos on retired boxes that required the same type of BOF - and to practice with one of these boxes if you are VIP.
    For me, those videos were the best and fairly self-contained 'step-by-step' tutorials for that method. If you rooted one of the old boxes, you should be able to use your old exploit script as a template!

    Any recomendations of speciai machines/videos to learn :) ? Thanks a lot

  • got the idk password and dirbusting the dirs and subdirs the hole day. Can someone give me please a hint about the location where I can use this?. Thanks

  • edited March 2019

    Im on the stage of getting root shell but cannot find the /bin/sh address. I have tried a script and other things but cannot get it. "Somebody! anybody! Help me!!" ...please. Thanks

  • can someone help me with the second one decodation?
    PM me please!!
  • This was my first machine ever, spent literally 15+ days to get the user and root.

    Had to go through hundreds of docs, scripts & videos

    Special thanks to ippsec, clmtn & mendedsiren63 :)

  • Managed to root the box. Awesome priv esc, never did one like that. Thanks to @mendedsiren63 for helping out with awesome nudging without spoiling! :D

    Maglok

  • Could someone PM me with some help with priv esc? I got it to work on my host VM but cant seem to get it to work on Frolic.

  • got user
    going for root now

    Hack The Box

  • edited March 2019

    Hi, can someone help me on the ind....hp file ?

    Hack The Box

  • Finally got root, thanks to @ippsec videos
    Learned so many things from this box

    Hack The Box

  • Also rooted the box. Return to libc is the technique that you need to learn. And for the first part just google the strange characters that you get and google will help you to find some strange progamming languages.

Sign In to comment.