Ghoul

1246789

Comments

  • @SamBugler said:
    Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

    May be you can use the snake to get rce.

  • Type your comment> @SamBugler said:

    Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

    I think I know the issue.
    It's because someone else is also using the same repo name.
    If you don't clean it up that will happen.
    try changing the repo name.
    It should work then

  • edited May 2019

    .

  • @Lorcheiro said:
    Know about the authentication port but no idea of creds, are they in rockyou.txt? Should I guess? Are they related with tokio ghoul? DM me, thaanks

    Hack The Box

  • Am I daft? I've enumerated both sites both with custom wordlists and more "standard" ones but I still can't find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?

    Xentropy
    Null | Nada- | Zip | Diddly | Zilch+

  • @Xentropy said:
    Am I daft? I've enumerated both sites both with custom wordlists and more "standard" ones but I still can't find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?

    This is type of insecure file upload related to extracting file from archive.

  • Type your comment> @MisterBert0ni said:

    @MinatoTW Thank you for so emotional hack journey :) It was like MMPORPG quest )

    Thanks ! Glad you enjoyed and half the credit goes to @egre55 :)

    Hack The Box

    Don't let the box pwn you!!

  • Damn near a week on this box but finally rooted. Holy shit. What a ride. We need more of these!!!

    That said, the last root.txt troll was a bit "much" in my opinion. The other "trolls" were pretty legit, though. Otherwise, I learned a ton from this one. Damn sure couldn't have done it without a couple guys teaming up with me but the deed is done and just in time for the new box being released in ~1hr.

    Good shit guys. Thanks for the ride.

  • Type your comment> @MisterBert0ni said:

    @Xentropy said:
    Am I daft? I've enumerated both sites both with custom wordlists and more "standard" ones but I still can't find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?

    This is type of insecure file upload related to extracting file from archive.

    Haha, and all this time I figured it was my enumeration failing. Thanks. :)

    Xentropy
    Null | Nada- | Zip | Diddly | Zilch+

  • edited May 2019

    Edit: got user! If you see the user.txt troll keep enumerating! You're not far away.

    On to root..

  • I've been poking around at the upload, however not finding anything unusual yet with an archive.

  • edited May 2019

    actually where is root.txt. i rooted go* * server . and i got ao**r*-**p.7z any hint :(

    Edit: rooted.
    thanks @0xRick @moxic @cyberus @JonnyVTMRF
    I learned a lot

  • rooted! And I learned a lot on this one. thanks, I hate it.

  • "You've done well to come upto here human. But what you seek doesn't lie here. The journey isn't over yet....."

    40 points huh?

    cyberus17l

  • edited May 2019

    Feel free to PM if you need help :) !

  • Hello I tried to crack the http auth on the high port without success.
    Can you help me please?

  • Need help on user.I've tried to enumerate the port,the website.I got se****.**p,tried to login user with information mentioned but failed.Got the upload,but files could not be found.Use different wordlists with different extensions on dirbuster,but no more useful information.Where should I do furter?

  • Can anyone assist with root.txt? I've found some things in an archive, nothing has worked so far. Not really too sure where to go from here :/

  • Hi guys, i am enumerating every single directory in both of the service, any hints about which list I should use ?

  • Can anyone give me a tip for rooting the second box? I have root on 1 and 3 and have been enumerating everything, but I can't seem to figure out the next step.

  • i think i am very close to user. i have ssh shell.
    but i cant read the Im*****t.pdf file.
    and i dont know how to download it, please if anyone knows tell me

  • edited May 2019

    Finally got root.txt. Great job @MinatoTW & @egre55 that was brutally good. I needed some assistance along the way but I learned probably 4 solid new things during the process. One thing though, this box feels like it should be worth like 80 points after that war I just went through, it is definitely worth taking this box to the end though.

  • We're glad you had fun!

    Hack The Box

    Don't let the box pwn you!!

  • Type your comment> @backspace said:

    Looking for root... I found the g*** UI... do I need to brute force?

    Edit: NVM, no brute force required, the answer is within you..

    Anyone with some guidance on this one? I've been looking inside-out and can't for the life of me find anything credential related, only guts&gore inside me :)

  • i have a ssh shell.
    but i dont know what i do next to get user.txt
    please help PM

  • Hello, i'v been trying my luck at this box for couple days now and i have some hints but i don't know how they can relate to each other nor where to "use" them, could someone PM me for a hint, thanks !

  • edited May 2019

    I will appreciate if you help me with passphrase. PM
    2 hour I can't find I tried but, but unsuccessful
    I found thanks for the help

  • edited May 2019

    still stuck!!

  • please help me i am a Eto user in ssh but i dont know how do i get user.txt
    i know about docker,
    is there anyone how can help me?

  • Could you give me hint for root.
    I found exploit, but can't use it

Sign In to comment.