Ghoul

Eat or be eaten ☠️

Hack The Box

Don't let the box pwn you!!

Tagged:
«1345

Comments

  • its time to become a ghoul

    xdaem00n
    So this is what a revolution looks like, people in expensive clothing running around. Not how I pictured it.

  • i can smell the blood

  • "Respect to whom respect is due."
    Twitter: https://twitter.com/0x4242 | Web: http://0x4242.net
  • edited May 7

    nice box

  • edited May 4

    waddup? 1000 -7 ?

    Hack The Box

    Don't let the box pwn you!!

  • Think I found the source of the RCE... But how do I change the "type" to access it... That is the question :)

    Hack The Box

  • Type your comment> @Farbs said:

    Think I found the source of the RCE... But how do I change the "type" to access it... That is the question :)

    ive done that, it does nothing as far as i know

  • Type your comment> @EmmaSamms said:

    Type your comment> @Farbs said:

    Think I found the source of the RCE... But how do I change the "type" to access it... That is the question :)

    ive done that, it does nothing as far as i know

    are you talking about bypassing the upload restrictions?

  • Do we have to bruteforce to get credentials?

  • Type your comment> @Collins19008 said:

    Type your comment> @EmmaSamms said:

    Type your comment> @Farbs said:

    Think I found the source of the RCE... But how do I change the "type" to access it... That is the question :)

    ive done that, it does nothing as far as i know

    are you talking about bypassing the upload restrictions?

    yes

  • Any hint on where the uploads go? I'm able to bypass the restrictions - or at least it says so

  • I've managed to "bypass" the restrictions, but trying to find out where the files "go" after that... I think I'm uploading what I have to in order to get a shell, but not sure where to access it once it "disappears"...

    Hack The Box

  • edited May 4

    Found it..:D

  • I also found the s*****.php file, but not exactly sure what I'm supposed to be getting out of it.

    Hack The Box

  • am i going to have to have some knowledge on this show ie character names in order to get creds?

  • I hope this is not going to require to watch the anime in order to guess the credentials.

  • Type your comment> @ambi said:

    I hope this is not going to require to watch the anime in order to guess the credentials.

    haha thats what i was worried about...

  • Type your comment> @Collins19008 said:

    Type your comment> @ambi said:

    I hope this is not going to require to watch the anime in order to guess the credentials.

    haha thats what i was worried about...

    I curious... but this all seems like that. The box's author's left a movie about that anime like it's supposed to provide us some imagination about how to guess credentials, so... I don't know honestly. The machine is very focused on the movie.

  • i also found s*****.php, not sure what its getting at...

  • No need to watch anything for the box :p

    Hack The Box

    Don't let the box pwn you!!

  • Type your comment> @MinatoTW said:

    No need to watch anything for the box :p

    where are my file uploads landing is that a rabbit hole for the secret art site

  • edited May 5

    Another +12 hour box ?

  • I don't know what I'm overlooking but where is this upload thing? Can't find anything...

    "Respect to whom respect is due."
    Twitter: https://twitter.com/0x4242 | Web: http://0x4242.net
  • edited May 5

    Hoping it is not related to anime...

  • edited May 5

    bruteforcing needed for **in.*** ?

    EDIT: nevermind

  • Type your comment> @dev17 said:

    Found it..:D

    any hint on the uploads path pls

  • Look which files u can upload in that form

  • Please ignore anything found in /var/tmp . Thanks!

    Hack The Box

    Don't let the box pwn you!!

  • Type your comment> @MinatoTW said:

    Please ignore anything found in /var/tmp . Thanks!

    LOOOOOOOOOOOOOOOOOL cough cough

    chivato

Sign In to comment.