• where is my uploaded files :/

  • easy box gg <3

  • edited May 2019

    Is it necessary to root *.10 before pivoting off? Figured I'd ask before I waste more time poking everything sitting here.

    ETA: Yep. Totally possible. SO. CLOSE. TO. ROOT. :sweat_smile:

  • edited May 2019

    Does anyone want to give a hint about the directory of the uploaded files? I have really tried my best to find but no luck. Thanks.

    EDIT: got user, but people are not playing nice and killing services.

  • edited May 2019

    Bashing my head against a lot of stuff, wonder if files in /var/tmp are deliberately put there or not. Figuring out how to go from Other users to the main one. Any hints would be most welcome.

    EDIT: Got user. Onto root now.
    Hint: s*****.**p is important indeed.

    Hack The Box

  • I found image ka****i.jpg it's a rabbit hole or no?

  • User hint:
    Focus on file upload feature.

  • any hint for root.txt
    i got root shell :(

  • edited May 2019

    Cannot find my uploaded file..


  • edited May 2019

    @Warlord711 said:
    Cannot find my uploaded file..

    The same problem)

    This hint about Sierra I don't understood
    "In case you need to verify it - . "
    I saw a page and I tryed to find some similar, but unfortunately no successful

  • I think he meant to say for people that wanted to verify about one of the attributes data-whitespace= having a typo on the code. That it was not on purpose.

  • edited May 2019

    Looking for root... I found the g*** UI... do I need to brute force?

    Edit: NVM, no brute force required, the answer is within you..

  • I think I've tried everything I have to try... I'm open to instructions on what to do to get a shell with the k*****_**m account. Where should I look?

    Got user after smashing my head for some time, but I've been working on it for almost a day to get root.

  • Holy Sh** this is crazy I finally got a shell trying to get myself onto there for root pivot this is no joke lol

  • Did someone changed the password for port 8080?

  • Type your comment> @f3v3r said:

    Did someone changed the password for port 8080?

    I've had to revert it a couple times when it hasnt worked.

  • edited May 2019

    wow I must say after fixing the netcat issue and using the correct method and landing a shell as user during the exploit I was able to without adding any keys execute a privesc and achieve root shell but after that it took no more than 15 20 minutes from the time I exploited it with a correct shell to about the time i was able to land a root shell and find what I was looking for I see one last step to get to the war chest which I think is a jdbc connection from some leaked sauce if I am correct not only was this a little diff as I was not able to find the root.txt which means You guys stepped it up I like this and if the extra 20 minutes from landing a shell to getting privesc scares you jeez this is easier than most boxes privesc wise to me logic wise

    and being a linux noob I would know that almost everything priv esc is hard in the beginning this made it both logical and easy.

  • help plz
    i am stuck at the file upload at ip:8080/index.html
    i know, i suppose to upload a reverse shell there but dont know how to bind it into jpeg file. i have search about it , nothing found. please help

  • Root was a lot of fun, had to automate pretty much everything, especially the last step... Probably the worst machine I've seen so far, but in a good way.


  • finally root .... what a journey

  • awesome box )) just rooted. Its really cool. Thx

  • @MinatoTW Thank you for so emotional hack journey :) It was like MMPORPG quest )

  • edited May 2019

    Seems like the service on :80 is broken/hung at this point. I've reset the box a couple times and it doesn't seem to fix it. I was poking around at this box earlier this week without that problem. Now it just won't really respond.

    Edit: Switching to a different US Lab doesn't help.

  • edited May 2019

    Where is root.txt file?
    any idea?

  • Do I need to target the login or the upload first? Found probable pass for #1 but no matching username so far and all the folders I looked into for the upload seem like dead ends.

    Null | Nada- | Zip | Diddly | Zilch+

  • Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

  • Type your comment> @SamBugler said:

    Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

    what you may want to do and i know im going to get in trouble for this lol

    Reset it 2 times in a row i did and now it pops every attempt feel free to pm me maybe your command is wrong this gave me an issue

  • Not sure if that's sound advice; I've been noticing back to back double resets by people for Ghoul in shoutbox @wabafet

  • I can confirm, reseting twice in a row fixes the issue. Thanks @wabafet !!

  • Got user. <3 That was fun

Sign In to comment.