Hint for HELP

1246729

Comments

  • edited January 2019

    Do you really need them for user?

  • edited January 2019

    I would like to learn how to do all the ways

    Chricatanese46

  • Sp7Sp7
    edited January 2019

    Anyone can please give me more hints on po** XXXX? as mentioned by @1NC39T10N I know what to look for on that po** but I can find endpoint he mentioned.

    Thanks!

    Edit:
    For the port XXXX as @1NC39T10N mentioned:

    Note: you will NOT find anything using most wordlists. So gobuster or dirb (etc) are useless here

    Hint: Not every wordlist have everything :)

    Found the endpoint but stuck on next part, need help now lol.

  • How to get those creds!! any hints

  • @SpZ can you PM a hint?

    prutz

  • Is needed to know the time zone of the box?

  • Rooted. Not sure if root was the intended way or not. Happy for someone to PM me

  • @wish said:
    How to get those creds!! any hints

    I used a chrome extension to run a query on that endpoint (like the dude said to).

    izzie

  • I got root and i must say i have learned a lot from this box. Just want to say thanx to @cymtrick once again. Enjoyed it big time. :)
    I am however interested in the alternate way to get user and root. If someone could pm me regarding this it would be great.

  • Before the last reset I was able to upload a thing, now i can't. I'm assuming the box has been updated then?

    If that's the case, i'm not sure what to do now that i can login to the webapp; I still can't upload what i want to, and i can't figure out how i might upload it to the other part of the site.

    Can anyone confirm if the other method of getting user (IE the one that only uses port 8*)

  • Also interested in hearing alternate root/user methods.

    @iseethieves I can confirm port 80 unauthenticated method still works.
  • I'm curious on the method that focuses in the other port :P If somebody wants to share I rooted it with the other path.

    Hack The Box
    -OSCP-

  • Rooted the box. User was not too easy but root was very easy. If anyone needs a hint feel free to PM me.

    Baikuya
    OSCP

  • I don't understand how the information gained from port XXXX was supposed to be used, even after using it I didn't seem to have extra privileges than an unauthenticated user.

    If somebody could DM me with the alternative root privesc I'd be happy, got it the obvious way but couldn't easily see an alternative.

  • Rooted this box...never touched the n****s service at all. Odd that it's there and seemingly unnecessary. Can someone else who rooted this box explain via DM what's the purpose of that service, and how it can be used for foothold? Lots of people marking this box as a piece of cake but I found it to be fairly complex. I must have missed something that's going to make me feel like an idiot.

  • service running on ****.js is an alternative for the REST. it is gaining popularity and major companies are shifting towards it because of flexibility and easiness during communication. Instead of 100 rest api calls this service can pull data at once. Not only js but this service can be used on any backend technology. It is fun to learn.
  • I've been going in circles for a few hours now. Have made no progress. I've managed to find a mention to Shiv, but have failed to find any credentials. There was a header with some a request and response but I have not found anything useful. I have also been searching how to leverage n***.js but have had no luck. Just a bunch of failed attempts at getting a reverse shell by listening to port 80 while trying different q=require'.... commands in the url, which is from googling abunch of stuff about it. The learning curve I am attempting to climb is a bit steep, can i get a push?

    h00ligan

  • Any hint on how to get that shell up on page ? Note: I find my jpg when i upload it, just cant upload a functional php.

    ntroot

  • edited January 2019

    Strange...

    The most used method to gain root is not working anymore? xD

    edit:

    Nvm, rooted. lol...

    ferreirasc
    OSCP | CRTE | Pentest+ | DCPT

  • @ntroot said:
    Any hint on how to get that shell up on page ? Note: I find my jpg when i upload it, just cant upload a functional php.

    Ah nvm. got it :) Why is it always when i post i get the answer by myself in next 5 minutes. LOL !

    ntroot

  • edited January 2019

    Get user credential but where can i use them? Looking for webapp but can't find!

  • anyone willing to pm me and check my script/methodology on the app. I've had some connections back from the app, that then terminate? not sure whats going on?

  • Completed this machine if any one need help feel free to pm :)
  • Rooted
    User: i used the first method on the first port :P would still work my way on the other method later
    Root: was pretty easy and obvious

    Keep it simple and don't be too lazy

  • In terms of time travelling, I'm assuming altering the date is required. Is changing the time needed too?

  • I am lost in the file extension bypassing
    any hint for that?
    I have tried with different extension and modifying the content type
    but none of them work

    Apart from the unauthenticated way,
    I have no idea on constructing the n**.s query

    Thanks in advance

  • @mystory20 said:
    I am lost in the file extension bypassing
    any hint for that?
    I have tried with different extension and modifying the content type
    but none of them work

    Apart from the unauthenticated way,
    I have no idea on constructing the n**.s query

    Thanks in advance

    same here. i can find my jpeg file with exploit script but stuck on bypassing the file extension filter ... hints will be appreciated.

    Thanks.

  • edited January 2019

    Are there any changes in the last hours ? I managed to upload and run a shell on this twice but after a reset, nothing seems to work. I already got user but while trying root i found that someone caused havok on the system.

    I can find and call .jpg and i was able to upload .php too but stopped to work.

    image

  • edited January 2019

    --update--

    And of course the second I post another run actually works. Must have been bad luck with the server earlier.

    I am having trouble with the upload and run shell one too. I think I know how to get around the filter, but I can't even get a jpg or txt upload to work. Even with some time travel although the server header responses look like they match my system time anyway.

  • edited January 2019

    Now Im really confused. I used the REST alternative to get user and its hash (with one of the previous posts its easy). I cracked the hash and have also password. tried to log in via the lowest port and cannot. What am I missing?

    m4rc1n

Sign In to comment.