Frolic


Comments

  • If someone who understands BOF (and r** in this case) could teach me a little bit, please PM me! I would appreciate it a lot!

  • @narwhal said:
    If someone who understands BOF (and r** in this case) could teach me a little bit, please PM me! I would appreciate it a lot!

    You might want to google/youtube search for "security tube" and "buffer overflow primer". There are quite some good examples available. Even if at first it does not mean anything to you, just keep watching and listening cause in the end it will make sense to you. I think.

    Dltd

  • Yeah someone told me you can do everything on the machine as a www-data user? Can anyone verify that?

    Huejash0le

  • @l30n said:
    Yeah someone told me you can do everything on the machine as a www-data user? Can anyone verify that?

    Yes - no escalation to another user required for rooting the box!

    To everybody struggling with priv esc: I'd recommend again to search for videos on retired boxes that required the same type of BOF - and to practice with one of these boxes if you are VIP.
    For me, those videos were the best and fairly self-contained 'step-by-step' tutorials for that method. If you rooted one of the old boxes, you should be able to use your old exploit script as a template!

  • @Skunkfoot said:

    @TazWake said:

    @Skunkfoot said:

    I think the "Difficulty" column relates to the level of difficulty a little more :P But I get what you're saying

    I agree with both of you.

    I think a lot of people new to HTB will try to start with this box because "it's only 20 points, how hard can it be" and it is marked 5/10 (I thought it started out lower than that) with a lot of "easy" votes.

    However, judging by the comments on this thread, questions I've been asked and the fact it took me nearly two days to get the first bit of code translation, I wouldn't recommend this to new people. It isn't a bad box, but there is a lot of it which is far from intuitive and not exactly what you'd expect from trying to own a box.

    Yeah I agree, I would definitely send them to something like Jerry over this box to start out with

    Agree that this is def. not a box for a new user ... I banged my head just to get user, still researching root

    Hack The Box

  • edited October 2018

    Okay finally past all the decoding. A little initial fumbling with my web recon tools, plus googling, using ZAP, and keeping careful track of what I found and trying it, followed by more googling and landing on an awesome useful website and now.... I'm ready to go get user. But first to sleep.

    Edit: got user and now I have a couple of good tools to add to my hacker toolbox :-).

    LegendarySpork

  • Got the password idk*********. But not sure how to proceed from there. Any hint please?

  • @axle05 said:
    Got the password idk*********. But not sure how to proceed from there. Any hint please?

    You are near the user finish line. Finding where to use the password is one of the last steps.

  • rooted. this machine was really a pain... but well thanks to some people I got it...

    1nitiative

  • Got the addresses for system, exit and /bin/sh. I have the buffer size, yet every single time, for days and 1k attempts, all it does is buffer overflow segfault, no drop to root shell.... wtf is going wrong.

    cslatt05

  • @redout said:

    @axle05 said:
    Got the password idk*********. But not sure how to proceed from there. Any hint please?

    You are near the user finish line. Finding where to use the password is one of the last steps.

    I found the place to use this password. Unfortunately I'm stuck there now: I see 3 different vulns, but it is quite certain those are for another version. Does this sound correct?

  • @asger said:

    @redout said:

    @axle05 said:
    Got the password idk*********. But not sure how to proceed from there. Any hint please?

    You are near the user finish line. Finding where to use the password is one of the last steps.

    I found the place to use this password. Unfortunately I'm stuck there now: I see 3 different vulns, but it is quite certain those are for another version. Does this sound correct?

    There is most definitely a vulnerability that can be exploited.

  • And that's the easy part...why is this a 20 point box when the OSCP buffer overflow exam is easier lol

    cslatt05

  • @cslatt05 said:
    And that's the easy part...why is this a 20 point box when the OSCP buffer overflow exam is easier lol

    Who cares about the points anyway?

    HTB - the site where everything's made up and the points don't matter :wink:

    --Skunkfoot

  • https://www.shellblade.net/docs/ret2libc.pdf maybe someone can make the damn thing work

    cslatt05

  • @redout said:

    @asger said:

    @redout said:

    @axle05 said:
    Got the password idk*********. But not sure how to proceed from there. Any hint please?

    You are near the user finish line. Finding where to use the password is one of the last steps.

    I found the place to use this password. Unfortunately I'm stuck there now: I see 3 different vulns, but it is quite certain those are for another version. Does this sound correct?

    There is most definitely a vulnerability that can be exploited.

    Thanks!

  • Rooted if anyone needs a hand PM.

    "I have no special talents. I am only passionately curious"
    Besides hacking let's be friends | https://t.me/Oxt0x
    [t00x](https://www.hackthebox.eu/home/users/profile/33640)

  • Hey. I got the idk password, and filled in the shell via csv file, but I can't do anything and get the shell. Metasploit does not open the session, give a hint

  • edited October 2018

    How the heck do you see addresses without the usual g** tool? I've tried with s***ce but I'm stuck. Anyone willing to PM me a pointer to the right tool? I'm not in a position to spin up another VM so I'd like to do it right on the box itself.

    LegendarySpork

  • edited October 2018

    @LegendarySpork said:
    How the heck do you see addresses without the usual g** tool? I've tried with s***ce but I'm stuck. Anyone willing to PM me a pointer to the right tool? I'm not in a position to spin up another VM so I'd like to do it right on the box itself.

    I had the same struggle. One of Ippsec's videos for the following machines has all the answers: https://forum.hackthebox.eu/discussion/788/what-are-the-machines-with-buffer-overflow-ranked you will know what tools to use.

    The TL;DR is that you don't need to spin up another VM. If you don't want to watch through the videos, just think about what exactly you need from g** and find the tools that get that information.

  • Don't forget to be a bit offset about this

    cslatt05

  • edited November 2018

    @redout said:
    ... https://forum.hackthebox.eu/discussion/788/what-are-the-machines-with-buffer-overflow-ranked
    ...
    The TL;DR is that you don't need to spin up another VM. If you don't want to watch
    through the videos, just think about what exactly you need from g** and find the tools
    that get that information.

    Thank you for the pointer.

    Edit: got root. Not hard, I just needed some rest. It turns out I have a system with the right architecture for development and I've even used the relevant tools before for debugging. I definitely would not want to try this without a system to do the development on.

    LegendarySpork

  • got root...pm for hint...

  • The first part really really sucks, but I learned something from both the user part and the privesc.

    I think IppSec's October video might help anyone struggling with privesc.

    dionero

  • @dionero said:
    The first part really really sucks, but I learned something from both the user part and the privesc.

    I think IppSec's October video might help anyone struggling with privesc.

    TY for this

    Huejash0le

  • edited November 2018

    Edit: Got the pass, now it's time to look where to use it..

    avoidy

  • Rooted.

    Took me a very long time lol, I'd never attempted the method required for priv esc (well seriously attempted), feels so good to have pulled it off successfully!

    Feel free to message me and I'll try my best to help w/o spoiling

    allahackbar

  • @kekra said:

    @l30n said:
    Yeah someone told me you can do everything on the machine as a www-data user? Can anyone verify that?

    Yes - no escalation to another user required for rooting the box!

    To everybody struggling with priv esc: I'd recommend again to search for videos on retired boxes that required the same type of BOF - and to practice with one of these boxes if you are VIP.
    For me, those videos were the best and fairly self-contained 'step-by-step' tutorials for that method. If you rooted one of the old boxes, you should be able to use your old exploit script as a template!

    Yes, you can root from www-data, I just did.

  • @tty said:

    any idea what to do with the decode ...!? string

    Same here, can see some information when trying to decode (seems to be a filename) but cannot get something relevant.

    Any hints?

    Magic numbers.

    this is a really good hint :)
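Identifying a decoded blob by its magic numbers, as the hint above suggests: an added example that is not from this thread. The signature table and the in-memory sample archive are constructed here; for ZIP data it also lists members and whether each one is password-protected, without extracting anything.

```python
import io
import zipfile

# Constructed table of well-known file signatures: (offset, magic bytes, description).
MAGIC_SIGNATURES = [
    (0, b"\x7fELF", "ELF executable"),
    (0, b"PK\x03\x04", "ZIP archive (also docx/jar/apk)"),
    (0, b"\x1f\x8b", "gzip compressed data"),
    (0, b"\x89PNG\r\n\x1a\n", "PNG image"),
    (0, b"%PDF-", "PDF document"),
    (0, b"BZh", "bzip2 compressed data"),
    (0, b"Rar!\x1a\x07", "RAR archive"),
    (0, b"\xff\xd8\xff", "JPEG image"),
    (0, b"MZ", "DOS/PE executable"),
    (0, b"#!", "script with shebang"),
]


def identify(data: bytes) -> str:
    """Return the description of the first signature matching the blob, else 'unknown'."""
    for offset, magic, desc in MAGIC_SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return desc
    return "unknown"


def zip_members(data: bytes):
    """List (name, uncompressed size, encrypted?) for each member of a ZIP blob.
    Bit 0 of the general-purpose flag marks a password-protected entry."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(zi.filename, zi.file_size, bool(zi.flag_bits & 0x1))
                for zi in zf.infolist()]


def triage(data: bytes) -> dict:
    """Identify the blob and, for ZIPs, inspect the member table without extracting."""
    kind = identify(data)
    members = zip_members(data) if kind.startswith("ZIP") else []
    return {"type": kind, "members": members}


def make_sample_zip() -> bytes:
    """Constructed sample: a small ZIP built in memory, standing in for a decoded blob."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", "constructed sample content")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage(make_sample_zip()))
```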

  • Can someone help with the ROP? PM
