Ellingson

2456715

Comments

  • Type your comment> @wabafet said:

    this is the coolest challenge i have done ever

    Not only do I love the hackers movie from my younger days but what the hell that bug is so off the wall i got lucky as hell patreon hats off to you boys ;) for teaching people like me how to find things to fill my flask with and drink with pure joy

    What are some of your favorites? I supported fuzzysecurity for a while but then lost interest; will probably look for others.

    -Keep Learning
  • box already destroyed? Doesn't work for me and I can't reset it :/

  • Fun box! Just got root.

    My hints:
    User: Enumeration + a small waiting game. Some hints from the first page you saw can cut down on the wait a bit. :)

    Root:
    Quality of life tip: once you know which file(s) to go after, download yourself a local copy to work against so you don't have to work against the somewhat slow servers.

    Xentropy
    Null | Nada- | Zip | Diddly | Zilch+

  • For any of you not familiar with this web app framework, feel free to DM; i can point you in the general direction of where you need to go; I'm pretty unfamiliar with this myself but I have an idea of what next steps will look like;

    -Keep Learning
  • Low port bruteforce is the right way ?
    Ive made a very small passw list with enumeration and i found some users but it doesnt work...

  • @Crafty, I tried the same thing and got no results, I'm thinking its the username that is the issue..

  • any one help me with getting shell ? ive tried all the reverse shell possibilities, non of them are working.

  • fail2ban lol

    -Keep Learning
  • Shoutout to box creator; when you find the way forward lmaoooo

    -Keep Learning
  • Some of you should spend time learning bout ssh; your default shouldn’t be to “crack all the things” that’s not a methodology; my 2 cents
    -Keep Learning
  • edited May 2019

    Well, lets see... I've got 4 potential users with a dozen or so permutations per username, and 4 passwords with a bunch of different potential variations of those.

    I could enter a couple hundred entries by hand trying them out, or I could automate it.

    Hmmmmmmm.

    "Maybe be more constructive with your criticism" - hip hop hoppotamus

  • I have a shell, still trying to get user.txt. Any hint for where to go from here?

  • Type your comment> @GordonFreeman said:

    I have a shell, still trying to get user.txt. Any hint for where to go from here?

    some simple enumerate will help. probably even classic scripts can give you what may seem interesting

  • edited May 2019

    Yeah I ran 2 enum scripts, found 3 things I could crack, nothing worked for logging in as another new user. Found one interesting binary I couldnt seem to do anything with. I'll continue scavenging around.

  • Type your comment

    rotarydrone
    OSCP

  • edited May 2019

    Type your comment> @R4J said:

    Well im being flooded on the dm's, please continue the discussion over here so that everyone can benifit.

    So is it the ga***** thing? I'm not good at bi**** ex****. I think that the AS** is not enabled, right?

    sarange

  • Type your comment> @sarange said:

    Type your comment> @R4J said:

    Well im being flooded on the dm's, please continue the discussion over here so that everyone can benifit.

    So is it the ga***** thing? I'm not good at bi**** ex****. I think that the AS** is not enabled, right?

    Are you sure? Google how to check if it is enabled or not.

  • Is the fail2ban thing when enumerating the domain with gobuster or dirsearch? Or am I just having issues with my VPN or other stuff?

  • @ZerkerEOD said:

    Is the fail2ban thing when enumerating the domain with gobuster or dirsearch? Or am I just having issues with my VPN or other stuff?

    When i looked at the conf it looked like a lot of jails were enabled, i didn't verify though;

    -Keep Learning
  • Type your comment> @zauxzaux said:

    @ZerkerEOD said:

    Is the fail2ban thing when enumerating the domain with gobuster or dirsearch? Or am I just having issues with my VPN or other stuff?

    When i looked at the conf it looked like a lot of jails were enabled, i didn't verify though;

    Thanks, I think its a mixture of everything. My internet out here sucks so its hard to figure it out lol. 3g Internet FTW lol jk

  • Spoiler Removed

    Hack The Box

  • Type your comment> @sarange said:

    Type your comment> @R4J said:

    Well im being flooded on the dm's, please continue the discussion over here so that everyone can benifit.

    So is it the ga***** thing? I'm not good at bi**** ex****. I think that the AS** is not enabled, right?

    well aslr is enabled and you can check that by looking at /proc/sys/kernel/randomize_va_space, if it is 2 it means enabled and 0 means disabled.

    R4J

  • edited May 2019

    I'm not sure what I'm doing wrong in getting the initial shell. I tried with certain scripts and manually but none of them seem to work :\ I'm starting to think there is something wrong with my kali machine.. could someone PM me so I can see if i'm doing this the right way?

    Vex20k

  • Type your comment> @Vex20k said:

    I'm not sure what I'm doing wrong in getting the initial shell. I tried with certain scripts and manually but none of them seem to work :\ I'm starting to think there is something wrong with my kali machine.. could someone PM me so I can see if i'm doing this the right way?

    Keep in mind that it's you who's looking for help. So, noone will probably PM you until you do that yourself. You keep enumerating the website, and if you've already found what you need then focus yourself at how the interpreter would appear to be useful in system enumerating.

  • Got the User..!!

    Scratching my head to get the root. I hate binary exploitation.

    Can anybody PM me and give me nudge?
  • Type your comment> @rahul3515 said:

    Got the User..!!

    Scratching my head to get the root. I hate binary exploitation.

    Can anybody PM me and give me nudge?

    You better learn basics of reverse engineering and debugging. I don't think the binary exploitation part requires something much more than basics. So, that's going to be good for you. Don't rush, FB's been already taken. But that's only an advice, do whatever you like to.

  • I have shell access decrypted passwords no luck. Any help would be good :)

    OSCP - Looking for pentest Jobs

  • Got an exploit working locally but when i try to exploit remotely cant seem to get it to work for root, if someone could send me a PM

  • beebee
    edited May 2019

    so i have p**** int access, able to to view files, move directories, upload files, I still can't manage to get a shell to pop back. I was wondering if i needed to continue with this path or if I should be attempting to access more legitimately on the lower port.

    OSCP

  • what an awesome box, i have learned a ton, i finally got user and now i am on to root.

Sign In to comment.