Smasher2

Comments

  • Could somebody give a hint for root?

  • dunno lol

     / __| | | | '_ ` _ \ 
    | (__| |_| | | | | | |
     \___|\__,_|_| |_| |_|
    

    Hack The Box

  • fun box, learned a lot, thanks @johnnyz187 for the nudge on user

    looks like the box has changed since it was released, there's no brute forcing required to get the b***** files

    for user, running the b***** files locally will help identify a problem that can be combined with some intelligent guesswork. (turns out I'm not very good at guessing.) then some more work to bypass a filter (hints already in this thread).

    for root - enumerate where you might not normally, then research what you find online. i found this part to be easier than getting user.

  • easy :)

     / __| | | | '_ ` _ \ 
    | (__| |_| | | | | | |
     \___|\__,_|_| |_| |_|
    

    Hack The Box

  • Look what we have here. I'm glad the bruteforce part was removed

    0xskywalker

  • Did anyone do user the intended way? I couldn't find the "real" vulnerability. Would someone enlighten me? Disclaimer: I rooted the box.

  • edited October 2019

    Segfault is killing me! xD

  • I'm ashamed to say that I might need a nudge on user. I have tried everything I could think of but have been unable to crack the beverage container.

  • Can I have a hint on the directory? I've tried dirb with every wordlist I know of, on HTML and PHP, but gotten nothing.

  • edited October 2019

    Guys, I got the user using RCE and pe** reverse shell through b******t. I didn't use SSH, but I believe the rooting should be done with ssh, because I found it’s possible to exploit the box using M**P exploitation, so I created and copied my pub keys to user d*****zy/.ssh/authorized_keys, which was successful, but when I try to ssh using "ssh -i id_rsa d*****[email protected]" the box is asking for the user password! What am I missing? Can anyone give me a hint, please?

  • Rooted. That was fun.

  • edited October 2019

    Hey guys, newcomer here. I managed to get the job working but I cannot bypass the WAF, any pointers?

  • I can't seem to find the URL for using the credential that I found??

  • edited October 2019

    @Aperture32 said:
    Can I have a hint on the directory? I've tried dirb with every wordlist I know of, on HTML and PHP, but gotten nothing.

    Same here... did you find it?

    EDIT: Nevermind... investigate port 53 and learn how to use dig.

  • @Identity404 said:
    > Same here... did you find it?
    >
    > EDIT: Nevermind... investigate port 53 and learn how to use dig.

    I tried dig and dnsenum and got the IP addr and domain name.

  • @nav1n said:
    Guys, I got the user using RCE and pe** reverse shell through b******t. I didn't use SSH, but I believe the rooting should be done with ssh, because I found it’s possible to exploit the box using M**P exploitation, so I created and copied my pub keys to user d*****zy/.ssh/authorized_keys, which was successful, but when I try to ssh using "ssh -i id_rsa d*****[email protected]" the box is asking for the user password! What am I missing? Can anyone give me a hint, please?

    That is weird, I could login via ssh.

    menessim

  • Rooted. I really liked this box. learned something new.

    menessim

  • Wrote 2 scripts for the intended route for user (or at least w-d) but the server seems to crash if I go too fast with either script. And I don't think the "grep for c" hint helped. Am I doing it wrong? Can someone PM a hint?

  • I think, and I could be wrong, but the Grep For C hint was for when there was a basic auth turned on this server (which is now off I hear). You are correct there is something that will stop you from hammering this server with some requests...

  • edited December 2019
    Are there any creds in ***.so? It seems like I need them to progress, but nothing.
    Edit: Got user, pretty interesting. Now the journey to root.
    E2: Thanks to @v1p3r0u5 for sharing the root method. While I wouldn't have found it on my own, I definitely learnt a lot from the writeups

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
  • edited December 2019

    Just rooted this. what an amazing box! if people need help please contact me on discord since i don't look here.

    i will give the hints that apply to me the most
    User: don't get stuck on reversing that file, it only gives you a limited bit of information. (in 2 parts)
    bruteforcing/guessing may be needed, i didn't expect this from this box. someone had to hint it to me.
    Root: i had to go to the library to figure out this one.

    profile: https://www.hackthebox.eu/home/users/profile/114435
    discord: Celesian#0558

  • Got root. User is good but i don't like guessing. Root is not brainfuck at all, some unusual enumeration (Thanks @menessim for initial direction) and next step was very easy.

  • The first Smasher was worth a badge. I feel like this one should have been worth a badge too. Can't wait for Smasher3. I hope that one comes with a badge.

    tobor
    Gods make rules. They don't follow them
