Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.
I think I know the issue.
It's because someone else is also using the same repo name.
If you don't clean it up that will happen.
try changing the repo name.
It should work then
@Lorcheiro said:
Know about the authentication port but no idea of creds, are they in rockyou.txt? Should I guess? Are they related with tokio ghoul? DM me, thaanks
Am I daft? I've enumerated both sites both with custom wordlists and more "standard" ones but I still can't find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?
@Xentropy said:
Am I daft? I've enumerated both sites both with custom wordlists and more "standard" ones but I still can't find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?
This is type of insecure file upload related to extracting file from archive.
Damn near a week on this box but finally rooted. Holy shit. What a ride. We need more of these!!!
That said, the last root.txt troll was a bit "much" in my opinion. The other "trolls" were pretty legit, though. Otherwise, I learned a ton from this one. Damn sure couldn't have done it without a couple guys teaming up with me but the deed is done and just in time for the new box being released in ~1hr.
@Xentropy said:
Am I daft? I've enumerated both sites both with custom wordlists and more "standard" ones but I still can't find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?
This is type of insecure file upload related to extracting file from archive.
Haha, and all this time I figured it was my enumeration failing. Thanks.
Need help on user.I've tried to enumerate the port,the website.I got se****.**p,tried to login user with information mentioned but failed.Got the upload,but files could not be found.Use different wordlists with different extensions on dirbuster,but no more useful information.Where should I do furter?
Can anyone give me a tip for rooting the second box? I have root on 1 and 3 and have been enumerating everything, but I can't seem to figure out the next step.
i think i am very close to user. i have ssh shell.
but i cant read the Im*****t.pdf file.
and i dont know how to download it, please if anyone knows tell me
Finally got root.txt. Great job @MinatoTW & @egre55 that was brutally good. I needed some assistance along the way but I learned probably 4 solid new things during the process. One thing though, this box feels like it should be worth like 80 points after that war I just went through, it is definitely worth taking this box to the end though.
Looking for root... I found the g*** UI... do I need to brute force?
Edit: NVM, no brute force required, the answer is within you..
Anyone with some guidance on this one? I've been looking inside-out and can't for the life of me find anything credential related, only guts&gore inside me
Hello, i'v been trying my luck at this box for couple days now and i have some hints but i don't know how they can relate to each other nor where to "use" them, could someone PM me for a hint, thanks !
Comments
May be you can use the snake to get rce.
Type your comment> @SamBugler said:
I think I know the issue.
It's because someone else is also using the same repo name.
If you don't clean it up that will happen.
try changing the repo name.
It should work then
.
Am I daft? I've enumerated both sites both with custom wordlists and more "standard" ones but I still can't find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?
Null | Nada- | Zip | Diddly | Zilch+
This is type of insecure file upload related to extracting file from archive.
HTB | Root-Me | PentestIT | OSCP | Social
Type your comment> @MisterBert0ni said:
Thanks ! Glad you enjoyed and half the credit goes to @egre55
Don't let the box pwn you!!
Damn near a week on this box but finally rooted. Holy shit. What a ride. We need more of these!!!
That said, the last root.txt troll was a bit "much" in my opinion. The other "trolls" were pretty legit, though. Otherwise, I learned a ton from this one. Damn sure couldn't have done it without a couple guys teaming up with me but the deed is done and just in time for the new box being released in ~1hr.
Good shit guys. Thanks for the ride.
Type your comment> @MisterBert0ni said:
Haha, and all this time I figured it was my enumeration failing. Thanks.
Null | Nada- | Zip | Diddly | Zilch+
Edit: got user! If you see the user.txt troll keep enumerating! You're not far away.
On to root..
Put some respeck on my name -> https://www.hackthebox.eu/home/users/profile/90837
I've been poking around at the upload, however not finding anything unusual yet with an archive.
actually where is root.txt. i rooted go* * server . and i got
ao**r*-**p.7z
any hintEdit: rooted.
thanks @0xRick @moxic @cyberus @JonnyVTMRF
I learned a lot
N1Z4M B1N MUH4MM3D
Security researcher From God's own country
rooted! And I learned a lot on this one. thanks, I hate it.
moxic(https://www.hackthebox.eu/home/users/profile/117291)
"You've done well to come upto here human. But what you seek doesn't lie here. The journey isn't over yet....."
40 points huh?
Feel free to PM if you need help
!
N1Z4M B1N MUH4MM3D
Security researcher From God's own country
Hello I tried to crack the http auth on the high port without success.
Can you help me please?
Need help on user.I've tried to enumerate the port,the website.I got se****.**p,tried to login user with information mentioned but failed.Got the upload,but files could not be found.Use different wordlists with different extensions on dirbuster,but no more useful information.Where should I do furter?
Can anyone assist with root.txt? I've found some things in an archive, nothing has worked so far. Not really too sure where to go from here
Hi guys, i am enumerating every single directory in both of the service, any hints about which list I should use ?
Can anyone give me a tip for rooting the second box? I have root on 1 and 3 and have been enumerating everything, but I can't seem to figure out the next step.
i think i am very close to user. i have ssh shell.
but i cant read the Im*****t.pdf file.
and i dont know how to download it, please if anyone knows tell me
Finally got root.txt. Great job @MinatoTW & @egre55 that was brutally good. I needed some assistance along the way but I learned probably 4 solid new things during the process. One thing though, this box feels like it should be worth like 80 points after that war I just went through, it is definitely worth taking this box to the end though.
Don't let the box pwn you!!
Type your comment> @backspace said:
Anyone with some guidance on this one? I've been looking inside-out and can't for the life of me find anything credential related, only guts&gore inside me
i have a ssh shell.
but i dont know what i do next to get user.txt
please help PM
Hello, i'v been trying my luck at this box for couple days now and i have some hints but i don't know how they can relate to each other nor where to "use" them, could someone PM me for a hint, thanks !
I will appreciate if you help me with passphrase. PM
2 hour I can't find I tried but, but unsuccessful
I found thanks for the help
still stuck!!
please help me i am a Eto user in ssh but i dont know how do i get user.txt
i know about docker,
is there anyone how can help me?
Could you give me hint for root.
I found exploit, but can't use it