Hint for HELP

13468929

Comments

  • I obtained root, but it felt like I was doing so reusing the easy way even though I did use the SQL method.

    Assuming the easy way didn't exist but SQL method did anyone could PM tips on how you would go about getting a shell?

  • For those of you unable to escape for reverse shell, read the code and ask yourself "do I really need to escape?"

  • machine always got reset while iam using sqlmap :disappointed_relieved:

  • Can someone confirm the time travel year is 2 years prior to the release of war games staring Matthew Broderick ?

  • I am so confused, I managed to get user without too much trouble, but now I'm struggling super hard with root, unlike everyone else on this box ahhh! If someone could give me nudge for root I would really appreciate that!

  • @bluealder said:
    I am so confused, I managed to get user without too much trouble, but now I'm struggling super hard with root, unlike everyone else on this box ahhh! If someone could give me nudge for root I would really appreciate that!

    Also struggling to get root. Help would be appreciated.

    Shadowdriu

  • @shadowdriu said:

    @bluealder said:
    I am so confused, I managed to get user without too much trouble, but now I'm struggling super hard with root, unlike everyone else on this box ahhh! If someone could give me nudge for root I would really appreciate that!

    Also struggling to get root. Help would be appreciated.

    Legit got it 5 mins after posting this, was strugling on it for a day or two lmao. PM if you need a hand

  • edited January 2019

    This was great, thanks @cymtrick ... I'll be honest, user threw me for a bit and i did have to dip into the forums so thanks for all of the t*** t***el talk lol....root was game over after about 20 minutes...very cool!

    //hints

    User: Don't pull your hair out. Well documented, pay close attention to stuff that you normally don't care about :)

    Root: Old skool, don't reinvent the WHEEL :bleep_bloop:

  • @shadowdriu said:

    @bluealder said:
    I am so confused, I managed to get user without too much trouble, but now I'm struggling super hard with root, unlike everyone else on this box ahhh! If someone could give me nudge for root I would really appreciate that!

    Also struggling to get root. Help would be appreciated.

    Hey. Try looking at some of the most basic and first steps you do when priv esc'ing. g0tmi1k has a nice list of things to try.

  • Nice machine enjoyed this one.

    User: read the exploit really carefully and follow exactly what you should do, if you did a dirb run there should be a directory which make the most sense for the uploaded tickets. no code changes in the script needed.

    Root: as Spiderixius wrote: g0tmil1k has a nice list and searchsploit is your friend

    SekIsBack

  • Hello, I'm trying to go throw the N*** service, but I can't find the endpoint someone could give me some hint?

  • Hello, I'm stuck at the high-level port. I found the endpoint but just cannot get my query right. Some help would be greatly appreciated.

  • @blueorchid said:
    Hello, I'm stuck at the high-level port. I found the endpoint but just cannot get my query right. Some help would be greatly appreciated.

    Any hint for the endpoint?

  • Hello guys, can someone help me please on this machine .. i'm stuck .... thanks in advance :) <3

  • @m4rc1n said:
    Now Im really confused. I used the REST alternative to get user and its hash (with one of the previous posts its easy). I cracked the hash and have also password. tried to log in via the lowest port and cannot. What am I missing?

    likely someone has changed the password, there are a to of trolls on this box

  • Not sure if something changed on this box, I was previously able to "submit a ticket" using a bypass and "find my ticket" afterwards. But now I can't find my uploads, even if I upload jpg/txt/etc. Did something change on the box?

  • Rooted. I agree that user was much more of a challenge than root, but definitely an interesting box to play with.
    So, for my hints.

    User: There maybe more than one application running. Headers are helpful. Make sure to CoVEr the services found, and let this baby hit 88 mph.

    Root: Everyone keeps using the same phrases, like "basic," easy, "don't overthink," and so on. For those struggling with what they mean, google any beginner's guide to priv esc, and it is usually one of the first bits of information you can get and find exploits for.

    PM me if you need further hints.

    Hack The Box
    Discord: AzAxIaL#8633

  • Another tip: This box gets reset often which may not show up as an error in the middle of a script run. I had this happen and missed an entry earlier because I didn't notice the reset.

    Also - you don't need SQLMap.

    Hint #3: The error messages from the webapp will LIE to you.

  • edited January 2019

    Finally rooted! Thanks @Spiderixius for your hints and @cymtrick for the box. User was frustrating.....

    d4z3c

  • @isuckathacking said:
    Another tip: This box gets reset often which may not show up as an error in the middle of a script run. I had this happen and missed an entry earlier because I didn't notice the reset.

    Also - you don't need SQLMap.

    Hint #3: The error messages from the webapp will LIE to you.

    By error messages you meant "**** not allowed" ?

  • @cymtrick said:

    @dev0id said:
    @MrR3boot so simple fuzzing for the parameter name and value is not enough? is the etag important?

    This might help
    a collection of points whose coordinates satisfy a given relation.

    Lol now I understand xD

  • edited January 2019

    Is machine's timezone important? Also i can't even find jpg files when i upload. Helps will be appreciated.

  • Sorry if spoiler but apparently people have been using this video as a hint:

    I mean wtf is going on with this machine. Constant resets, people changing the password. Have some god damn class or integrity.

    Hack The Box

  • It seems that people are changing settings on this box after they get in. Things that worked up to a point yesterday don't work today. For instance P*P shells would upload yesterday and today they are not allowed.

  • Ugh. I can't seem to execute malicious code in the ticketing system...

  • Hi Everyone. I like this box. Congrat to creator. Some guidance for anyone now doing it.
    Do your enumeration
    think logically google exploit for app
    read exploit! what is it talking about, what file? get the file from github, what else can you learn?
    I did not even need to modify exploit in order to work, I'm in UK (wonder why that's important???? ;))
    for root go back to basics as mentioned before!

    adyd

  • edited January 2019

    Got a password. Need a username. Tried any possible, logical combo. Can't login. Any idea on possible usernames?
    Edit: found it. Just use what you got.

  • Found creds. Im getting bunk results on a SQLi once authenticated. Pulling my hair out. can anyone pm me some nudges?

    Im apparently dumbfounded by the upload bypass too. Github code looks easily by passable but im failing miserably.

    Someone pm me and ill + rep you

    If any HTB users have helped you with a challenge or hint please consider giving them +respect on their profile.
    Here is mine is you would like to do so.
    https://www.hackthebox.eu/home/users/profile/50326

  • @ChiefCoolArrow said:
    Found creds. Im getting bunk results on a SQLi once authenticated. Pulling my hair out. can anyone pm me some nudges?

    Im apparently dumbfounded by the upload bypass too. Github code looks easily by passable but im failing miserably.

    Someone pm me and ill + rep you

    At one point yesterday it was straightforward for uploading shells and today it doesn't work. I don't know what happened.

Sign In to comment.