Ghoul

Comments

  • edited May 2019

    Would anyone be willing to PM me a hint to get into the file upload page. I've enumerated everything I can think of. Tried cewl to generate a wordlist and pushed that at it. Is it just a guessing game?

    edit - Never mind. Someone must have changed the password :(


  • Could you give me a hint for root?
    I found an exploit, but can't use it.

    @whipped said:

    Would anyone be willing to PM me a hint to get into the file upload page. I've enumerated everything I can think of. Tried cewl to generate a wordlist and pushed that at it. Is it just a guessing game?

    edit - Never mind. Someone must have changed the password :(

    Yip, unfortunately sometimes somebody does it

  • I am having some issues with the zip. I know what I have to do but I failed every time. Can someone give me a hint?

  • Holy shit, what a journey! Path to root flag was so damn long. Hahaha.

    Thanks @MinatoTW and @egre55 for a great but holy-shit-painful box.

    Tips for user:
    If you can't see a path, make one.

    Tips for root:
    Pivot pivot pivot and ENUMERATE. Like damn, there are so many hints and breadcrumbs all around but they're spreeaaad ooout. For the very final step, you're going to have to do a pretty oldschool exploit. :)

    Xentropy
    Null | Nada- | Zip | Diddly | Zilch+

  • I'm stuck with cookies, could you give a hint via PM?

  • Hello sir,
    machine-ghoul
    I have user.txt. I am looking for root. I got to know that I have to upload a static nmap to the SSH server, but I am having trouble with that. I don't know how, but nmap is a dir, and whenever I try to use scp to upload it, it uploads as a dir. But I saw in the ippsec Vault video that he gives the dir an executable permission.
    Please tell me the commands that I must use. Please!!

  • edited May 2019

    Can someone give me a hint on how to find the passphrase for the ssh key lol. I've been stuck at this for ages.

  • I spent almost 3 days in total to solve this machine, but I'm happy that I have learnt some new things.

    Thank you for creating this painful machine @MinatoTW and @egre55 - please make moar of these machines.

    For root flag, some basic but useful advice that you may be bored of hearing:
    * monitor processes and file system changes on the machines where you get a shell
    * enumerate files as much as you can

    Good luck.

  • Thanks guys, glad you liked that challenge.

    Don't let the box pwn you!!

  • edited May 2019

    @MinatoTW said:
    Thanks guys, glad you liked that challenge.

    thanks to you sir, because of you, we learn new things
    LOVE FROM INDIA

  • I have mixed feelings about this machine. I'm still not sure why this box is only 40 points LOL. It is probably the first time for me to see 4 con******* in 1 server in HTB so it should've been 50 points really. Just so that everyone here is on the line, this box is rated 6.4 as of now due to the fact that there are about 76.3% more people with user flags and without root flags as of now. Otherwise, I truly believe it would be at least in the 8.

    The user was FUN despite the minor trolls, I won't deny that. I won't say the same about the root though.

    "You've done well to come upto here human. But what you seek doesn't lie here. The journey isn't over yet....."

    This is the moment when I wanted to break things apart.

    The root was unrealistic in the files part, which I hated so much btw. Then comes the 30 seconds interval. Seriously?

    The balance between the user flag and root flag is very bad in my opinion. So, I'm sorry but I'll dislike this machine.

    OSCE | OSCP | CRTE | GPEN | eCPTX | CREST CRT | GDAT | eCPPTv2 | GWAPT | OSWP | ECSA (Practical)

  • And I finally rooted...
    Great job: @MinatoTW and @egre55 . I really liked the last step...

  • Please don't make boxes like this in the future. You had some nice ideas, but you ruined all of it by making like half of the box guessing passwords. Definitely the worst box I've done so far.

  • edited May 2019

    @Ryan412 said:

    I have mixed feelings about this machine. I'm still not sure why this box is only 40 points LOL. It is probably the first time for me to see 4 con******* in 1 server in HTB so it should've been 50 points really. Just so that everyone here is on the line, this box is rated 6.4 as of now due to the fact that there are about 76.3% more people with user flags and without root flags as of now. Otherwise, I truly believe it would be at least in the 8.

    The user was FUN despite the minor trolls, I won't deny that. I won't say the same about the root though.

    "You've done well to come upto here human. But what you seek doesn't lie here. The journey isn't over yet....."

    This is the moment when I wanted to break things apart.

    The root was unrealistic in the files part, which I hated so much btw. Then comes the 30 seconds interval. Seriously?

    The balance between the user flag and root flag is very bad in my opinion. So, I'm sorry but I'll dislike this machine.

    Thanks for the feedback, there were some unintentional trolls due to my mistake and I apologise for that. And I agree the root part got stretched a bit, noted it down for the future. The files part is pretty much realistic if I understand what you're pointing towards. And the 30 second interval is to ensure the connection isn't killed / dies in between. It's not easy to simulate user interaction with so many people on the box, we had to make some adjustments to ensure everything works out of the box.

    Don't let the box pwn you!!

  • edited May 2019

    edit:nvm

  • Thanks @MinatoTW and @egre55 for the big box!!

  • Do I need to brute-force the login (Members-Area)?
    I tried all default creds (didn't work).

  • edited May 2019

    I need help on the uploading part. Can't guess the right path. Could someone PM me?
    EDIT: Nevermind. Got user :)

  • Hello, I'm struggling to gain user access. Must I brute-force one of the two login pages?

  • @Kalki said:

    Hello, I'm struggling to gain user access. Must I brute-force one of the two login pages?

    no, please don't)

    tabacci

  • Is there a vuln in one of the web apps?

  • @Kalki said:
    Is there a vuln in one of the web apps?

    sure

    tabacci

  • edited May 2019

    Where to find the passphrase for the ssh key?
    Is se***.jpg a rabbit hole?

  • @AmiToLotto said:

    Where to find the passphrase for the ssh key?
    Is se***.jpg a rabbit hole?

    change .jpg to .php when searching for the passphrase

    tabacci

  • @tabacci
    Thx that works

  • edited May 2019

    I'm in g*** as "admin" I can also get a rev shell as g** but I don't know what to look for or escalate...

    EDIT: one more step.. stuck on the next one. Crazy box!

    EDIT2: rooted with a lot of help. Last step is too much

    halfluke

  • I've gained access via ssh, and nmap'd the /24 rather than the /16 and found some hosts -- but can't seem to find anything that stands out?

  • Is cracking kaneki's encrypted key the way to user (I'm failing to crack it)? Have shell with the other two users, can't find the flag :)

    ntroot

  • edited June 2019

    @ntroot No, you don't! I got the user flag before I had a decrypted version of that key.

  • Thanks, I got it. Now try harding to root, LOL :)

    ntroot
