Zipper

1235715

Comments

  • Why can't I find anything on this box... anyone wanna PM me on initial?

    WillIWas

  • @dualfade said:
    After 92 thousand seven hundred and 12 point 5 resets. rooted. As stated; Nothing like Sufference nor Pain for that matter.

    Tip -

    • Don't use the web interface
    • Follow the white rabbit.

    You are right.

  • May I ask a hint for dictionary? I was trying to use rockyou, but the machine is always be re-set. I cannot finish my brute force attack.

    Or, I am totally wrong? I do not need to use dictionary? or I need to focus on something else?

  • @houserenren said:
    May I ask a hint for dictionary? I was trying to use rockyou, but the machine is always be re-set. I cannot finish my brute force attack.

    Or, I am totally wrong? I do not need to use dictionary? or I need to focus on something else?

    you should definitely try putting together your own wordlists based on some basic initial enumeration. rockyou will take you way too long

  • @houserenren said:
    May I ask a hint for dictionary? I was trying to use rockyou, but the machine is always be re-set. I cannot finish my brute force attack.

    Or, I am totally wrong? I do not need to use dictionary? or I need to focus on something else?

    dont use rockyou. if u wanna use a dictionary attack then use a custom list. but no need for dictionary attack!

    KS007

  • @cyb3rsinn3r said:
    Alright, I'm doing something wrong but I can't figure out what. I have my reverse shell as zab*** but I see nothing in the /home. At one point I did and I could actually see user.txt but I couldn't cat it.

    Any hints would be welcomed!

    Thanks!

    Edit: If someone PMs me, I can tell you what I have done so far - not looking for a handout, just a hand up. :)

    Read through the previous hints...if you think you're in the wrong place, you probably are. No user.txt in home folder would be a good indication of that

    --Skunkfoot

  • can someone point me towards getting a proper tty... kinda noob here

  • Really stuck on root privesc, anyone care to give me a hint please :)

  • Lets put boxes to root out hear without any training. Great idea!

  • For USER:
    Make sure you get a shell to the right location or host. Ensure your reverse shell settings are correct. If your reverse shell box's hostname looks random, you're in the wrong spot.

    Upgrading your reverse shell user:
    Look around for some custom scripts and see if you notice anything interesting about them. How could you use that information to get from one user to another?

    For ROOT:
    This one took me a while to get right even though it's pretty simple. Research common priv esc methods. Do you have something available to you that matches one of those methods? Once you identify which method to use, do some research about why the exploit works and why it tricks the system into giving you root. Then figure out what system commands that thing is actually performing with the input you give it. How could you trick it into running different, custom commands that would pop a root shell for you?

    Please report if you feel like this is too much of a spoiler, it won't offend me :)

    --Skunkfoot

  • Finally got root. This is an amazing box!

    USER:

    • use your own wordlist not rockyou! But before creating your wordlist gather as much info as possible and look for typos.

    • If you find something useful and working in searchsploit modify it to fit your needs.

    • With the right items you have to take massive action to get a stable shell.

    ROOT:

    • You dont need msfvenom if you can compile C

    If you ask for help, show your workings and what you've tried or I won't reply.

  • @Senpaisol said:
    Finally got root. This is an amazing box!

    USER:

    • use your own wordlist not rockyou! But before creating your wordlist gather as much info as possible and look for typos.

    • If you find something useful and working in searchsploit modify it to fit your needs.

    • With the right items you have to take massive action to get a stable shell.

    ROOT:

    • You dont need msfvenom if you can compile C

    You don't need to compile C if you can use bash :P (but either way works fine). And yeah, good advice about the wordlist stuff. It sounds like there's a way to do this with an exploit and a way to do this with the GUI, so don't think you're limited to just one method of gaining access.

    --Skunkfoot

  • edited October 2018

    For root: strings will point you in the right direction after you find a special file. You shouldn't need to compile anything, just echo it.

  • @dualfade 100% worth VIP.

  • @0x29A said:
    @dualfade 100% worth VIP.

    +1

    --Skunkfoot

  • Hey everyone, found user and password, got GUI access disabled, can someone pm me with a direction to access via C*I ? Thanks !

    Hack The Box

  • Whoa, whiplash, the "location" switched itself right under my feet!

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    LegendarySpork

  • So it appears to not be 39937 as it makes you go to the wrong server...no gui access for the login....no brute forcing....guest access doesnt do much....what gives

    cslatt05

  • @cslatt05 said:
    guest access doesnt do much

    Guest access is all you need for initial foothold. Try harder (look closer)

    --Skunkfoot

  • edited October 2018

    @nickxla said:
    Hey everyone, found user and password, got GUI access disabled, can someone pm me with a direction to access via C*I ? Thanks !

    Got credentials but access is weird.

  • I managed to get a script working and I can get a reverse shell at any time, even after the box resets, but I'm stuck here. There seems like there isn't much to be seen on this box and I can't run anything. Got up to this point in maybe an hour and something and can't work this part out.
    Any hints or clues maybe?

  • I found this box very interesting as at every step there seem to be different ways to achieve the same / a similar result.

    My hint for user as I found that the biggest challenge: There are (at least?) two different ways to get code execution using the z service - for one of them it is possible to overcome the 'instant shell reset issue' easily. For the other one it is not (I think).

    If you happen the spot the 'good method' first you would never notice that there is a 'shell reset' issue...

  • Hmmm..you have to go through the manager to get to the agent....right

    cslatt05

  • Hardest part of this one was figuring out wth was going on at first. Also the hardest part was getting a stable user shell (maybe not strictly needed but makes life so much easier). I got the root flag before the user flag. It will be interesting to see the writeups.

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    LegendarySpork

  • finally managed to get user, what a ride :astonished:

  • Really dude?

    --Skunkfoot

  • edited October 2018

    Well I'm unsure if other boxes are like this one, but this one was maybe slightly too "complex" to put on. This is my 2nd box and throughout the past 2 days it has constantly been resetting, I doubt anyone can properly work on it. There are a ton of modifications by others that just keep messing with what other people have put on.

    Well, I'm still being stuck on doing the privesc as I have to constantly repeat the steps to get the shell back to me.

  • @Veki said:
    Well I'm unsure if other boxes are like this one, but this one was maybe slightly too "complex" to put on. This is my 2nd box and throughout the past 2 days it has constantly been resetting, I doubt anyone can properly work on it. There are a ton of modifications by others that just keep messing with what other people have put on.

    Well, I'm still being stuck on doing the privesc as I have to constantly repeat the steps to get the shell back to me.

    If you're in the right place as the right user, grab the SSH key and SSH in :)

    --Skunkfoot

  • I have got the shell but not at right place.. I have been enumerating but not getting any thing which could point me to right direction. Any hints plzz?

  • Someone last night was managing to break out of containers onto the host when connecting with a script found in searchsploit. Could you hit me up? I'd really like to know how you were doing it.

Sign In to comment.