Hint for HELP

1232425262729»

Comments

  • Can anyone point me in the right direction? I tried all the different ports but keep getting "WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)", someone mentioned firewall but I'm lost right now.

  • Type your comment> @lufee said:

    Can anyone point me in the right direction? I tried all the different ports but keep getting "WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)", someone mentioned firewall but I'm lost right now.

    ahh.. figured it out

  • Type your comment> @lufee said:

    Can anyone point me in the right direction? I tried all the different ports but keep getting "WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)", someone mentioned firewall but I'm lost right now.

    Pretty sure that’s a message coming from your php reverse shell. If you are listening to the port specified in the reverse shell code and you get a shell it mostly shouldn’t matter. Reasons as to why can be examined within the code :)

  • hey guys, rooted this box already but could someone pm me about the port 3*** method you used as i would love to learn about it

  • Type your comment> @bluealder said:

    @shadowdriu said:

    @bluealder said:
    I am so confused, I managed to get user without too much trouble, but now I'm struggling super hard with root, unlike everyone else on this box ahhh! If someone could give me nudge for root I would really appreciate that!

    Also struggling to get root. Help would be appreciated.

    Legit got it 5 mins after posting this, was strugling on it for a day or two lmao. PM if you need a hand

    just tell me which port should i use to exploit 80 or 3000
    as node.js app didnt gave its profile cookie...help me if u can thanks

  • Can someone PM me for a nudge, I've found the exploit and edited it to aim at the webserver. I've uploaded a file which claims is not allowed but looking at the application's source code, this shouldn't be a problem. My local time and the server's time are in sync. Still failing however.

  • Hi - Is there anyone who can PM me to give a hint on where I am going wrong with this box....I am almost there I think.

  • I've found the user and pass, but still no luck of finding app. the apache seems not working for me... any hints ?

  • This is very nice box! Got root and user, by time and kernel. Will try the other way too. Thanks!

    Hack The Box
    If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/50022

  • Type your comment> @karelchajim said:

    This is very nice box! Got root and user, by time and kernel. Will try the other way too. Thanks!

    @karelchajim said:
    This is very nice box! Got root and user, by time and kernel. Will try the other way too. Thanks!

    Same here but the 3*** port thing is new for me. If you give me some help will be apreciated.

    Hack The Box

  • Type your comment> @srsamuka said:

    Type your comment> @karelchajim said:

    This is very nice box! Got root and user, by time and kernel. Will try the other way too. Thanks!

    @karelchajim said:
    This is very nice box! Got root and user, by time and kernel. Will try the other way too. Thanks!

    Same here but the 3*** port thing is new for me. If you give me some help will be apreciated.

    Identical situation....

  • blkblk
    edited June 2019

    Rooted (using no-creds method). Was actually more of a challenge than expected. I mainly had some struggle editing the exploit.

    I'm curious though: I didn't find nor need credentials. Could anyone pm me how they got credentials and what they used them for?

  • Rooted and User pwned. PM if you need help. Definitely if you're trying to get the points before it retires. Relatively straight forward box concerning thought process after enumeration.

  • anyone got a hint for root for this box i got user but my exploit isnt working if you can help dm me here or on discord: Citadel#1014 thanks

  • Finally Rooted !! Thanks @GibParadox and @MalwareMonkey

  • edited June 2019

    nice box, PM for hints if needed.

  • Type your comment> @ggplsdntchse said:

    I have tried all the possible steps:
    submit ticket :-
    step 1 file supported
    1: change time zone to L0
    2: upload s*e
    with extention (no luck)/ call it back after changing the 'x' range

    step 2 er: file not supported (no luck)
    yes I have changed php -reverse -shell already using (/usr/share/webshell/php/reverse*)

    in exploit not sure what code should I use ?
    currentTime= (??????)
    Thanks

    rooted

  • edited April 20

    I've been working on this box for a few hours now. Following Ippsec's guide to figure out how to fix the exploit - I keep getting the same error that it cannot find my uploaded file and I am not sure what I am doing wrong at this point. the path is correct, the timestamp is correct, I make sure to time the exploit. Can anyone tell me if there is a crucial step I am missing?

Sign In to comment.