onetwoseven

11315171819

Comments

  • Type your comment> @0x4242 said:

    Type your comment> @dapasslacho said:
    > got root, learned a ton about a-g

    Can you recommend some links? Was searching for reference material but did not really find good stuff about the inner workings.

    Did anyone ever answer this? There is a lot to be learned about the tool but it seems people will end up spending a lot of time hunting for the information rather than learning the information.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

  • I have reverse shell access as www.... am i supposed to elevate to user before root? I cant find a user flag as of now. Any nudge would be appreciated...

    you got to eat shit to know shit

  • Type your comment> @windsurfer said:

    I have reverse shell access as www.... am i supposed to elevate to user before root? I cant find a user flag as of now. Any nudge would be appreciated...

    The user flag is easier to get than a reverse shell - if nothing else the admin pages give you the details you need to log in and get the user flag.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

  • finally got root, i've learn so much

  • edited June 2019

    If anyone has any clues on why I keep getting 403's with loh tu**** at high port I'd appreciate a pm. Not sure if it's on my end or something else.

    Edit: Thanks to @Smoothz for the help. If you are running into a similar issue, check the syntax on your s** command. Should be 127 in there and ports should match.

  • edited June 2019

    Edit: User.txt got. But still don't know the p****in type it wants.

    Cannot upload. Help wanted.

    BTW, I know how to enable a button in web.

  • Type your comment> @kmahyyg said:

    Edit: User.txt got. But still don't know the p****in type it wants.

    Cannot upload. Help wanted.

    BTW, I know how to enable a button in web.

    Spend a bit of time downloading the other plugins and watch how that works, then read how the plugin you want to target works, with extra attention on what it is looking for.

    The message about plugin type is a bit misleading. Focus on the headers first.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

  • stuck at privilege esc part please help me for that

  • Type your comment> @Zer0Code said:

    any hint about spoofing alternative for the ap* g** ?


    finally got root, i've learned so much in this box
    Thanks to @dontknow

    check pm

  • Type your comment> @Rang3r said:

    Hey all.

    I finally got root. This is probably the hardest box I've done.

    This is the first box that I've asked people for help and I just want to say that the community has been great. helpful and patient.

    I want to thank @avetamine for help getting the upload and @AzAxIaL for help with getting root.

    Thanks for a great forum.

    come pm

  • Finally rooted, regarding privesc, dont overthink it, carefully pay attention as to how and where the manager look for the packages and do it.

  • @TazWake The question is: I don't know how to download the plugins. Could you please give me some hints via PM?

  • Type your comment> @kmahyyg said:

    @TazWake The question is: I don't know how to download the plugins. Could you please give me some hints via PM?

    I dont think this is a spoiler - the plugins have a little link next to them which says (dl) - if you click the link, you download the raw plugin for analysis.

    I would also use burp a lot on this bit so you can see exactly what headers are sent and what, if any, redirection happens.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

  • Finally rooted! Oh man what a ride. Awesome machine @jkr - thanks a lot !

    For the privesc it was easier than I thought in the end. I would very much argue that you do not really need this blog post everyone is mentioning (unless I was reading the wrong one...). I am wondering if this was meant?

    User: you don't need a reverse shell
    Root: prepare to learn lots about packaging...

  • Type your comment> @TazWake said:
    > Type your comment> @kmahyyg said:
    >
    > @TazWake The question is: I don't know how to download the plugins. Could you please give me some hints via PM?
    >
    >
    >
    >
    >
    > I dont think this is a spoiler - the plugins have a little link next to them which says (dl) - if you click the link, you download the raw plugin for analysis.
    >
    > I would also use burp a lot on this bit so you can see exactly what headers are sent and what, if any, redirection happens.

    Thank you so much.
  • edited June 2019

    got root...thank you so much for those who helped me...pm for hint...

  • Oh boy and I just lost, I connect to S**P but I can't get any useful things to happen. If anyone has any hints they want to PM me feel free, I need all the help I can get for user

    Hack The Box

  • Ok, that box was extremely difficult. I have done a similar attack on a pentest as is required to get root on this, but it was still a challenge.

    Recommendations: User:
    1) Just because you can't ssh like you normally do doesn't mean you can't use ssh.
    2) You need to be able to read code. When you find a place to upload something, that is the right path, but you need to modify the URL that you are posting to in order to make this work. It should be relatively clear by reading the code of the page as to what is expected in the request, so make the URL match that.

    Root:
    1) If you see you can do a few elevated commands, that is correct; you need to find a way to leverage those commands to get an RCE.
    2) Read about the server that the commands you can execute interact with and look at creating one of your own.

  • why am i getting no errors after ssh but it just shows a blank page?

  • edited June 2019

    i have got access to higher port and i founded user.txt but don't have permission to access it.
    Tried post request to login page but nothing get back.
    Don't know how to proceed someone can help me?

  • @KevinMoore said:
    why am i getting no errors after ssh but it just shows a blank page?

    if you read the code you would understand why you have a blank page.

    Read it from top to bottom to understand why you have a white page displaying instead of what you think you should have.

  • Really liked this box!

  • Have tired things but still unable to get the initiaL foothold, anyone with an idea please PM

  • I finally got user no need a hint on starting root

  • stucked on the f****g a-t u*****

    any help ?

  • Wow I rooted it.
    Definitely needed a lot of help. But I have to say @jkr, you make some sick boxes bro. I learned so much and it really was a lot of fun.

    user

    1. Enumerate
    2. sometimes you do stuff in one place.. and it changes things in another place differently.
    3. Claim your user (Don't forget to do this before moving on)

    root

    1. Read and understand every line of code in that o**-m**-a****.p** file. All of it. Completely. You'll figure it out.
    2. Once you're on, run a enum script, you'll see it.
    3. You can't abuse the a*t command itself..
    4. MITM- it's tough, confusing, and you'll need to learn a lot if you don't already know it.

    DM for nudges.

    rub1ks
    Find me on Discord: rub1ks #4045

  • edited June 2019

    ive got a successful tunel but keep getting 403's can someone send me message with a little hint? Ive tried a few diferent ips to no avail.

    EDIT: Got there! thanks to a comment from @frankx

    Hack The Box
    ~ Halpless Technoweenie ~

  • Type your comment> @frankx said:

    If anyone has any clues on why I keep getting 403's with loh tu**** at high port I'd appreciate a pm. Not sure if it's on my end or something else.

    Edit: Thanks to @Smoothz for the help. If you are running into a similar issue, check the syntax on your s** command. Should be 127 in there and ports should match.

    thank you! very useful advice

    Hack The Box
    ~ Halpless Technoweenie ~

  • Could anyone give me a hint on how to upload my own file on the admin page? I am stuck there, tried a few different stuff but not even close to a desirable result... Can't figure out if I need a correct POST syntax or if I have to run a .**p script locally that will post into the server? yeah I am pretty lost rn

  • edited June 2019

    When I run a-g u*****, I get the an error that the public key is not available. I am stuck right now

    Edit: My r*** was authenticated

Sign In to comment.