Ellingson


Comments

  • edited May 2019

    Just got started - enumeration still going; found W***z**g while doing stuff manually. Is this the right path? Can we get RCE this way through debug or do I need to look harder at some errors? :)

    EDIT: Yup, now have shell as technoweenie, working on getting user. Can't seem to find anything pertinent to privesc. I must be missing something. I've run a few enumeration scripts and monitored processes to no avail. :/

    EDIT 2: Well I got user.txt from the one with the God complex. I've seen g****** and b***** e*********** mentioned in this thread much to my chagrin. I might give it a crack when I'm feeling up to it. Thanks @Dmwong for the hint

    zweeden

  • As I am getting a lot of DMs, I would advise everyone to learn basic ROP and not rush for the root. This video by ippsec may also help you -

    R4J

  • Just started the machine... I am lost, don't have a clue how to start; any leads would be appreciated. Thanks

  • @gokuKaioKen said:
    hmmm... found a traceback

    how ?

  • Am I the only one who has a problem with the machine timing out like every 3 mins?

  • Hey all, I'm this initial user on first getting a shell. I know what privs that user has got but can't seem to find anything useful in /var/****. Am I supposed to be waiting for a scheduled event to occur?

  • Need help on user. Managed to get on the system, now I can't manage to find anything interesting besides a couple of hashes which decrypted don't seem to work and also an executable that's needed for root though. DM please..


  • The path to root is only by binary analysis?


  • @Hobbot said:

    Am I the only one who has a problem with the machine timing out like every 3 mins?

    It's probably users that are getting banned before they read the warning about being banned so they reboot the box.

  • Need help with user. I've got a shell on the box but I don't know how to proceed.
    I ran a couple of scripts but I can't find anything. Also tried pspy but it doesn't seem to be the right direction.
    Any hints?

  • My god this box made me discover "peda" -- after spending so much time fuzzing manually lol. Such a cool box! Congrats to the maker!

    lduros

  • edited May 2019

    Hi, I am working on the binary exploitation and I made a working exploit but for some reason it doesn't work on the box. I have the libc from the box and I get gadgets from it. I don't really know what I'm doing wrong. If someone is willing to give me some hints please do!
    Thank you and if this is a spoiler please tell me to take it down.

    sarange

  • edited May 2019

    @sarange said:

    Hi, I am working on the binary exploitation and I made a working exploit but for some reason it doesn't work on the box. I have the libc from the box and I get gadgets from it. I don't really know what I'm doing wrong. If someone is willing to give me some hints please do!
    Thank you and if this is a spoiler please tell me to take it down.

    pm me


  • rooted ..... that rop fucking ate me alive

  • The g****** file. I can't run it, not user yet. But on my box, when I put in, a thousand chars (roughly), it just launches my command (AAAAAAmycommand). Is it really going to be that easy?

  • @Zot said:

    The g****** file. I can't run it, not user yet. But on my box, when I put in, a thousand chars (roughly), it just launches my command (AAAAAAmycommand). Is it really going to be that easy?

    If only ...

  • Is it just me or is the box just unresponsive every few minutes? Found traceback but can't even try anything.

  • @ColdFusionX said:

    Is it just me or is the box just unresponsive every few minutes? Found traceback but can't even try anything.

    Try regenerating your access.

  • Hi, I think I'm missing something. I've found the part where you can execute code, but I'm not able to get a shell on the machine. I've tried several types of it. If someone could PM me and help me I would really appreciate it.

  • @Zot said:

    The g****** file. I can't run it, not user yet. But on my box, when I put in, a thousand chars (roughly), it just launches my command (AAAAAAmycommand). Is it really going to be that easy?

    Yeah, my bad. I was tired, & hopeful. All the bin really did was terminate, & pass the extra chars to the active session that executed it. Oops!

  • any tips for user escalation? been stuck for quite some time, have ssh as one user, just can't seem to see the way forward

  • edited May 2019

    I'm going to try asking a question without any spoil. I have a working "exploit" for the interesting binary, using the pwn library. I'm trying to get this running on the target, and to do that I'm trying to convert this to something standalone or that can be run with very basic tool. I'm able to feed the binary the stage1 using cat, but I'm not sure what to do for stage2. If someone can provide hints back here or through a PM it would be great. Thanks!
    Digging into subprocess as my main source of hope!

    Edit: I think pty is the way. Digging into this one

    lduros

  • @lduros said:

    I'm going to try asking a question without any spoil. I have a working "exploit" for the interesting binary, using the pwn library. I'm trying to get this running on the target, and to do that I'm trying to convert this to something standalone or that can be run with very basic tool. I'm able to feed the binary the stage1 using cat, but I'm not sure what to do for stage2. If someone can provide hints back here or through a PM it would be great. Thanks!
    Digging into subprocess as my main source of hope!

    I'm at the same point as you, transferring the exploit to work on the target is finishing me off!

  • @DameDrewby said:

    I'm at the same point as you, transferring the exploit to work on the target is finishing me off!

    Hey DameDrewby, I'll pm you separately maybe we can exchange a few ideas ;)

    lduros

  • edited May 2019

    Got a shell but now I struggle with lateral movement to become a different user. Found some hashes but they were useless.


  • Look for ways you can read files on the machine via the web app. Mapping the webapp is where I started. Knowing all the pages and what each one serves up.

  • Ookay, I think I need help. Got shell, but not user.txt. Tried to enumerate the machine with 3 different scripts, checked all the interesting info. Found the apparent way to root, but struggling with user. Does anyone have a nudge / guide in the right direction?
    Thanks.

  • I'm truly making no progress fast with this box. But I am amused to read the journalctl stuff. The garbage file entries. Wondering what that message script in theplague's home dir is. That theplague, I tell you. I wonder what he could really do with a skateboard...

  • @Zot said:

    I'm truly making no progress fast with this box. But I am amused to read the journalctl stuff. The garbage file entries. Wondering what that message script in theplague's home dir is. That theplague, I tell you. I wonder what he could really do with a skateboard...

    I made progress. Funny how copying whole directories to my machine can sometimes be the only way to truly let me know what I have access to.

  • Found the console but can't get a reverse shell. Any help would be appreciated
