Vault

13468913

Comments

  • edited November 2018

    @sfox0x01 said:
    Can anyone pm me pls for initial foothold? Enumerating for hours but not able to find anything.

    Lol. Nevermind. Got 404 for over an hour using the correct folder. Now getting 403

    I too faced it. Even name resolution server goes down sometimes.

    MrR3boot
    Learn | Hack | Have Fun

  • edited November 2018

    Hello everyone.
    Someone could help me out of DN *, I saw the file log found the command nc * with the ip of vault along with the open door, someone can make me a pm and maybe it helps me explaining how to get there? I'm a newbie and I would like to learn. I apologize for the horrible English

    -do you give me confirmation that the configuration site gives problems? Thanks

    Hack The Box

  • @PsyXsouL said:
    Rooted! Really awesome machine
    and I don't see any hints on the page for vault yet so here are few without spoiling it!!
    For user find a place to upload something and then call it to get rev shell, check for listening ports and rest you are smart!
    For root it's very straightforward
    Have a look at logs and you'll find your way in!
    Good luck!

    found place to upload, but failed to get reveserse shell, do i need to change file type from php to jpeg?

    banteng999

  • rooted C:, learned a lot in this box.

  • I think this box has a lot of elements that OSCP lab has to offer (except for buffer overflow of course). I learned tons in this box, and especially like the pivoting aspect, very interesting in each step of the way to root. My brain actually hurts after non stop hacking. Thanks to @fjv and @roastymaus for providing invaluable hints.

  • i thought OSCP has 1 buffer overflow exploit?
  • jkrjkr
    edited November 2018

    .

  • You might be overthinking it. Have a look at its contents and see what you could do with that combined with the webpage.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • first attempt at this box - found that first folder. Sneaky ! - made me laugh

    ZaphodBB

  • edited November 2018

    Are others also having trouble with pivoting into the D** box? I have the correct approach and technique (I've gotten a shell twice), but it is incredibly unreliable. The exact same command, which worked a moment ago, copy/pasted to retry, doesn't work.

    Moreover, resetting the box on the dashboard doesn't do anything. Eventually after waiting for 1.5 hours for it to reset, it reset -- and then the same technique worked again, but only once.

    What is going on with this box? Is it being hammered that much or do I have it wrong somehow? I don't want to post what I'm trying in detail here, that's obviously why I'm omitting details.

    Edit: I overlooked the fact that there is an easy way back in, once you've gotten in once. That at least helps a lot. I was too eager and used the file in question to move onto the real target not realizing the same credentials gets you back into the D** box.

  • @raiden99 said:
    Are others also having trouble with pivoting into the D** box? I have the correct approach and technique (I've gotten a shell twice), but it is incredibly unreliable. The exact same command, which worked a moment ago, copy/pasted to retry, doesn't work.

    Moreover, resetting the box on the dashboard doesn't do anything. Eventually after waiting for 1.5 hours for it to reset, it reset -- and then the same technique worked again, but only once.

    What is going on with this box? Is it being hammered that much or do I have it wrong somehow? I don't want to post what I'm trying in detail here, that's obviously why I'm omitting details.

    Also I am three days that I have the same problem, to have a shell wrapped I have to wait hours, and when I'm inside another reset part.

    Hack The Box

  • That was a fun env for sure. Nice !!

  • edited November 2018

    Hi there,
    Is the o**n a rabbit hole? I could not find any way to leverage it. Or is the v***/s*** thing is the right way in?

  • @Zoakish said:
    Hi there,
    Is the o**n a rabbit hole?

    No

    --Skunkfoot

  • Anyone willing to give a hint (PM) on file upload? Genuinly stuck, have researched several things and tried even more, can't seem to get it working.

    center

  • @Center said:
    Anyone willing to give a hint (PM) on file upload? Genuinly stuck, have researched several things and tried even more, can't seem to get it working.

    You may not need file upload. There are other options.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • got root on 192...4 DNS box.
    there are:
    1...n s....sh
    Please pm for direction what do to with these files...

  • edited November 2018

    .

    dionero

  • edited November 2018

    .

  • @dunnomilton said:
    Please pm for direction what do to with these files...

    Read them.

    Then you need to find a way to use what they say, so it would be good to treat the new boxes like any other new box and enumerate. Find out what ports are open (net cat can be used as a portscanner if you cant get nmap on it) and then enumerate them.

    Once you do this, you will find the thing you need to use the files you've found.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • @evandrix said:
    is the credentials to access 192.168.122.4/5 on the host 10.10.10.109?

    Have you checked if you need credentials?

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • gobustering should always be supplemented with a custom word list (which may include only a couple of words). Cewl is there if you need it.

    LegendarySpork

    LegendarySpork

  • edited November 2018
    nvm, rooted!! *happy pixie dance*
  • Nice one!

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Currently got user but im unsure where to go from there i have done some Lin enumeration but i have no idea where to go from there any assistance?

  • @marshy said:
    Currently got user but im unsure where to go from there i have done some Lin enumeration but i have no idea where to go from there any assistance?

    Are you root on your current box? If not, I'd try to get that, although I'm not sure it's absolutely necessary. Either way, step one will be to figure out what your next target is. It's hard to know what to do if you don't even know where to do it. ;)

    --Skunkfoot

  • edited November 2018

    So I've grabbed the root flag. Anyone actually become root on the machine named Vault? It looks possible.

    LegendarySpork

    LegendarySpork

  • @LegendarySpork said:
    So I've grabbed the root flag. Anyone actually become root on the machine named Vault? It looks possible.

    It maybe - the restricted shell escape is fairly easy, but its not clear if there is any value to this.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited November 2018

    Oh I escaped the restricted shell, that was less than trivial, but you're right not necessary for grabbing the root flag. I'm not actually a root user though. Did you actually escalate to root there after getting the root flag, @TazWake ? If anyone else has done it, I want to do it too ... I think it's possible but I don't want to spend days on something that won't work.

    LegendarySpork

    LegendarySpork

  • I never escalated to route on the Vault box. There is a fairly trivial escape if you want me to DM you.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

Sign In to comment.