Ghoul

1234689

Comments

  • Could someone pm me where to look for uploaded file? Is it inside the M*** Area (no access yet)? I've recursively enumerated all possible dirs searching for it. Or I won't see it in those and have to exploit?

  • I'm stuck at the pivoting part. I have a root shell but I'm not quite sure how to go about pivoting to acquire the other. If anyone has any links or reading material that could help me learn this and get further i'd greatly appreciate it. :)

    phase

  • @Phase said:
    I'm stuck at the pivoting part. I have a root shell but I'm not quite sure how to go about pivoting to acquire the other. If anyone has any links or reading material that could help me learn this and get further i'd greatly appreciate it. :)

    You could for example check out write-ups and videos for retired HTB boxes that needed many pivots and exploring the network - e.g. for the machines Reddish or Ariekei.

  • edited June 2019

    Type your comment> @kekra said:

    @Phase said:
    I'm stuck at the pivoting part. I have a root shell but I'm not quite sure how to go about pivoting to acquire the other. If anyone has any links or reading material that could help me learn this and get further i'd greatly appreciate it. :)

    You could for example check out write-ups and videos for retired HTB boxes that needed many pivots and exploring the network - e.g. for the machines Reddish or Arikei

    Awesome thanks for the advice. That’s a great idea.

    phase

  • edited June 2019

    Could someone give me a PM nudge - I have a shell as www-data, but I think I'm down a massive rabbit hole getting to a user. is edit**_***-R*****.p** important?? Or the other files in that dir? I've done some unpacking deeper and deeper, and it feels like I've hit a troll.

    Edit:
    Got user now, many thanks for the help!

    SmallGods

  • Rooting this box was pain in the ass, so many steps and guessing.
    Between getting user and getting root is a vast abyss
    Thx everyone who helped me on this road.

  • Very cool machine. Learned a lot of things. Thanks to @AmiToLotto @Xentropy and @tabacci for all the help. I would like to share some tips so other people don't struggle as much as I did. I'll try to keep this spoiler free, if you feel that I'm spoiling something please report it.
    User: Keep notes of everything you find in the website then upload your file, there's a vulnerability in the library that handles the files (HUGE HINT RIGHT HERE)
    Root: This is the hardest part, enumerate, pivot, enumerate some more, pivot again and keep enumerating. You should read about git commands. Once you have certain juicy info use that and then some ssh kungfu is required.

  • I'm stuck on the second pivot... Are the same keys supposed to work as in the first and second box? I keep getting a permssion denied error. Not sure if it's because I'm doing something wrong or something is just screwy with the keys I got.

    phase

  • What a ride, nice quest! loved/hated it, I mean, the journey is awesome, It forces you to do a good and depth enumeration on every place that you land... If not, it's easy to fall in the feeling of f**k this guessing game.

    Apart, It's nice not being alone along the ride, saying this for all the hints,notes, etc. laying all over the place, the 90% of this, it's a direct help for the next step.

    The only problem, for me (IMHO), It's the balance between the user and root. At least, in the Reddish quest, the user pops up at the "middle" of the road... Here appears right at the beginning of the journey, and when the "You've done well to come upto here human..." comes, you're already with a fried-brain hoping not to see/need a new jump (at least, this is what happened to me lmao :joy: .

    btw, good box, learned tons of new things, but I must vote for the "totally not a 40pts box" thing... :+1:
    Cheers!

  • Does anyone have a hint of what to do once I've got user on g*** server? I've been enumerating but theres nothing that really stands out...

    phase

  • Hint User: Try upload usefull file.
    Hint Root: Scripting is good way.

    This machine must give a badge and 10 points more.
    Change my Mind.

  • anyone hint me on how to proceed please ... have root on last part (git), found those sources, looked info on them, found some m*** credz, but other than that im lost (cant even find that m***), oh boy this one is loooooong, definetly CTF for 100 points :)

    ntroot

  • Struggling to pivot here. My scans are showing only one other box out there with a single service? Had a good hunt for logs and configs locally, and have some strong candidates for box names and what they might be hosting, but can't find anything. I feel like it must be obvious, as no-one else seems to have come a cropper here! :)

    Any non-spoilery nudges welcomed.

    SmallGods

  • Type your comment> @smallgods said:

    Struggling to pivot here. My scans are showing only one other box out there with a single service? Had a good hunt for logs and configs locally, and have some strong candidates for box names and what they might be hosting, but can't find anything. I feel like it must be obvious, as no-one else seems to have come a cropper here! :)

    Any non-spoilery nudges welcomed.

    Try pivoting to that box and see what you find.

    phase

  • edited June 2019

    @Phase said:

    Try pivoting to that box and see what you find.

    I did give that a go with no joy, but maybe I messed something obvious up. I'll go back and re-focus on that again, cheers.

    Edit:
    Sorted! Many thanks to several people for the help and guidance, with a special shout-out to @Phase

    One hell of a box. Felt a little too harsh and long for root at times, but on the other hand I learnt a LOT from it, so maybe it all balances out. Kudos to the creators :)

    SmallGods

  • edited June 2019

    Type your comment> @smallgods said:

    @Phase said:

    Try pivoting to that box and see what you find.

    I did give that a go with no joy, but maybe I messed something obvious up. I'll go back and re-focus on that again, cheers.

    I would look at the NIC's on the box you pivoted to. That can give you a clue of where to scan next. :)

    phase

  • Finally rooted and enjoyed the journey. Thanks to all for nudges along the way. The ending is the best!

  • Spoiler Removed

  • edited June 2019

    This box kicked my ass. For four days straight trying to understand how to get root. Thank you to @m4xp0wer and everyone else with the tips and blogs.

    And this clip highlights my frustration and its also a helpful tip!

  • edited June 2019
    [email protected]:~#
    

    You know what? I still can't find root.txt. Any idea?

    Edit:
    Wow. It was a very long journey. You will encounter with bunch of rabbit holes and trolls. IMO, very last step for getting the root.txt was cool and it was pretty educational for me. However, root process was CTFish.

    Also, many thanks to @johnnyz187.

    Hack The Box

  • Thought I got all the way there and then got trolled. Giving this box a break (permanently, lol). User was "ok". Don't plan on rooting, though. Not worth it.


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • edited June 2019

    Where to find passphrase for ssh key ? the hash in se**.php doesn't work .
    do i need to decrypt shadow ?
    EDIT: for passphrase , ce
    l will help a lot

  • problem with port 3000 gogs not working ?

  • This box got a lot of hate, but no joke I think I had the time of my life rooting this one. Took a while, and yeah maybe rooting was considerably more difficult than getting user, but what a ride. So many rabbit holes!

    Learned a whole lot, and any time I root a box and I learn something new I consider that a win. Thanks Minato and egre55!

  • Thanks mate @agr0 :)

    Hack The Box

    Don't let the box pwn you!!

  • edited June 2019

    g*** server down?
    Edit: Enum the network and Directories!

    Edit2: Omaigod, rooted after 2 weeks! Would be months if it weren't for the immense help given by @Alienware @TSB @cyberus

    To newcomers: Get on the box, you'll learn PLENTY!

    Hint for user: File Upload Vulnerability + Think Harder, what other services can you exploit with that

    Hint for root: Enumerate....seriously hard, everything is stashed EVERYWHERE, files, hidden files, network, the whole system and network, ssh and git fu is very useful ;)

    Can DM if you guys need directions

    Note for the creator @MinatoTW, @egre55: Amazing Box, learnt alot of new techniques even when it wasnt the right path! Seriously Loved it although i felt like dying at times @[email protected], Thanks again!

  • edited June 2019

    can anyone PM me a hint on what to do when g*** box is rooted? found additional creds, enumerated whole box, but can't figure out what the next step is

    EDIT:
    Hint: you need to look deeper in what you already found...

  • ...feel so stupid that I couldn't figure out phrase for kaneki for a week when it was just in front of me :) Was just looking thru all possible info i had and boom - here it is! But how in the world i didn't see that before...

  • edited June 2019

    i uploaded ,i got root,i moved to kaneki-** ,i found the Go** and i stuck for a while.
    pealse i need hint to find creds.
    or i have to escalate in kaneki-** ?

  • Type your comment> @Skid3ow said:

    i uploaded ,i got root,i moved to kaneki-** ,i found the Go** and i stuck for a while.
    pealse i need hint to find creds.
    or i have to escalate in kaneki-** ?

    exactly the same place myself. I know we need to look at Go* and I even have the correct exploit, but still can't make it work %) Thou didn't have enough time to play with it

Sign In to comment.