Smasher2

Comments

  • dunno lol

  • fun box, learned a lot, thanks @johnnyz187 for the nudge on user

    looks like the box has changed since it was released, there's no brute forcing required to get the b***** files

    for user, running the b***** files locally will help identify a problem that can be combined with some intelligent guesswork. (turns out I'm not very good at guessing.) then some more work to bypass a filter (hints already in this thread).

    for root - enumerate where you might not normally, then research what you find online. i found this part to be easier than getting user.

  • easy :)

  • Look what we have here. I'm glad the bruteforce part was removed

    0xskywalker

  • Did anyone do user the intended way? I couldn't find the "real" vulnerability. Would someone enlighten me? Disclaimer: I rooted the box.

  • edited October 2019

    Segfault is killing me! xD

  • I'm ashamed to say that I might need a nudge on user. I have tried everything I could think of but have been unable to crack the beverage container.

  • Can I have a hint on the directory? I've tried dirb with every wordlist I know of, on HTML and PHP, but gotten nothing.

  • edited October 2019

    Guys, I got the user using RCE and a pe** reverse shell through b******t. I didn't use SSH, but I believe the rooting should be done with SSH, because I found it’s possible to exploit the box using M**P exploitation, so I created and copied my pub keys to user d*****zy/.ssh/authorized_keys, which was successful, but when I try to ssh using "ssh -i id_rsa d*****[email protected]" the box is asking for the user password!! What am I missing? Can anyone hint me, please???

  • Rooted. That was fun.

  • edited October 2019

    hey guys, newcomer here, I managed to get the job working but I cannot bypass the WAF, any pointers?

  • I can't seem to find the URL for using the credential that I found??

  • edited October 2019

    @Aperture32 said:
    Can I have a hint on the directory? I've tried dirb with every wordlist I know of, on HTML and PHP, but gotten nothing.

    Same here... did you find it?

    EDIT: Nevermind... investigate port 53 and learn how to use dig.

  • @Identity404 said:
    > Same here... did you find it?
    >
    > EDIT: Nevermind... investigate port 53 and learn how to use dig.

    I tried dig and dnsenum and got the IP addr and domain name

  • @nav1n said:
    Guys, I got the user using RCE and a pe** reverse shell through b******t. I didn't use SSH, but I believe the rooting should be done with SSH, because I found it’s possible to exploit the box using M**P exploitation, so I created and copied my pub keys to user d*****zy/.ssh/authorized_keys, which was successful, but when I try to ssh using "ssh -i id_rsa d*****[email protected]" the box is asking for the user password!! What am I missing? Can anyone hint me, please???

    That is weird, I could login via ssh.

    menessim

  • Rooted. I really liked this box. learned something new.

    menessim

  • Wrote 2 scripts for the intended route for user (or at least w-d) but the server seems to crash if I go too fast with either script. And I don't think the "grep for c" hint helped. Am I doing it wrong? Can someone PM a hint?

  • I think, and I could be wrong, but the Grep For C hint was for when there was a basic auth turned on this server (which is now off I hear). You are correct there is something that will stop you from hammering this server with some requests...

  • edited December 2019
    Are there any creds in ***.so? It seems like I need them to progress, but nothing.
    Edit: Got user, pretty interesting. Now the journey to root.
    E2: Thanks to @v1p3r0u5 for sharing the root method. While I wouldn't have found it on my own, I definitely learnt a lot from the writeups

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • edited December 2019

    Just rooted this. what an amazing box! if people need help please contact me on discord since i don't look here.

    i will give the hints that apply to me the most
    User: don't get stuck on reversing that file, it only gives you a limited bit of information. (in 2 parts)
    bruteforcing/guessing may be needed, i didn't expect this from this box. someone had to hint it to me.
    Root: i had to go to the library to figure out this one.

    profile: https://www.hackthebox.eu/home/users/profile/114435
    discord: Celesian#0558

  • Got root. User is good but i don't like guessing. Root is not brainfuck at all, some unusual enumeration (Thanks @menessim for initial direction) and next step was very easy.

  • The first Smasher was worth a badge. I feel like this one should have been worth a badge too. Can't wait for Smasher3. I hope that one comes with a badge

    tobor
    Gods make rules. They don't follow them
