onetwoseven

Starting the discussion :P

«13456717

Comments

  • Very interesting machine :bleep_bloop:

  • uWu

    OSCP | TMHC CTF

  • Damn those of you spamming the reset button.
    Even on VIP I can't go 5 minutes without disconnecting.

    BLZ

  • edited April 20

    @BLZ said:
    Damn those of you spamming the reset button.
    Even on VIP I can't go 5 minutes without disconnecting.

    Relax big man you're doing good take a deep breath and have a glass of water. I believe in you <3 oWo rawr xd

    OSCP | TMHC CTF

  • Type your comment> @chivato said:

    @BLZ said:
    Damn those of you spamming the reset button.
    Even on VIP I can't go 5 minutes without disconnecting.

    Relax big man you're doing good take a deep breath and have a glass of water. I believe in you <3 oWo rawr xd

    Sometimes I try so hard I give myself a hernia //UwU//

    BLZ

  • edited April 20

    @BLZ just dont forget you cant spam the box or you will be banned

  • edited April 20

    @mprox you are like the proverbial thorn in my side lol jk good job we need some kind of text message alerts da f**ck I was sleeping here is mrpox pwning shit

    Can anyone tell me if I hit a brickwall if I found a rabbit hole?

  • any way to access local only ports with some sort of sftp tunneling?

  • Type your comment> @wabafet said:

    @mprox you are like the proverbial thorn in my side lol jk good job we need some kind of text message alerts da f**ck I was sleeping here is mrpox pwning shit

    Can anyone tell me if I hit a brickwall if I found a rabbit hole?

    The wall it's not php right?

    clarkkent

  • nope just a pic

  • edited April 20

    Woaw lots of people got user already, and those "piece of cake"s as well! Must be missing something..
    EDIT: Got what I was missing.

  • ya its something stupid were missing

  • Congratz to @mprox, that was incredibly fast

  • soooo....ummm. about this user? Is there something that needs to be done in order to access php files uploaded? I was trying to find a way to access pages locally but having no luck.

  • Thanks all :)

    What a rush to the finish line - thanks all for making it nice and tense :sunglasses:

    Regarding hints for the box, I'm happy to help, but I get quite a lot of messages recently, and it can be hard to keep up. Please consider if your question could be asked here instead of privately, so others could also benefit from the same hint - if it's not too spoilery, of course.

    Have fun with the box, it's really well made. And props to @jkr for making it - it's super polished.

    Hack The Box
    If you ask for help, describe 1) your findings 2) your conclusions 3) your ideas

  • Type your comment> @mprox said:

    Thanks all :)

    What a rush to the finish line - thanks all for making it nice and tense :sunglasses:

    Regarding hints for the box, I'm happy to help, but I get quite a lot of messages recently, and it can be hard to keep up. Please consider if your question could be asked here instead of privately, so others could also benefit from the same hint - if it's not too spoilery, of course.

    Have fun with the box, it's really well made. And props to @jkr for making it - it's super polished.

    anyway to use plugin-upload as a attack vector

  • Ok perfect is the ws a rabbit hole for stats

  • any one have any hints? im stuck after getting sftp access

  • In the same spot

    Arrexel

  • stuck after getting user and finding the plugin-upload page :/

  • anyone can give any hints , dont know if sftp is the right path.

  • edited April 21

    For user, I can confirm that sftp is the right path.
    Don't forget there is a help command and try the different commands that are availlable. This give you a better idea of the privileges you have, and you might find how some useful commands aren't restricted.

  • Lol user was easy and interesting.

  • Have gotten a reverse shell and am working on root.

    Is s*** /usr/bin/a****** u***** a rabbit hole, or should I continue along that path?

  • edited April 21

    Well there is interesting thing I'm seeing there after running reverse shell command!
    EDIT: Lol I was doing something a terrible wrong

  • Anyone have some hint for start ? I am able to upload via sftp, but php seems do not work :(

    Summa scientia, nihil scire.

  • Can someone please help.. As stuck after the sftp access.. Tried with many reverse shell for image or php none of them are working..

  • 1 2 7 3
    Gotta use sftp. :)

  • Is the final step for root just a** takeover? Or am i just chasing ghosts here

Sign In to comment.