Writeup

Starting the discussion thread


Comments

  • not just name, it's real writeup :)

  • edited June 8

    only 1 root own and 25 users, wow

    edit: 1 root and 44 owns..

    Hack The Box

  • I feel like I'm staring right at the vuln and am just overthinking things. Is the p*ge= the right path forward?

  • @Glasgow said:

    I feel like I'm staring right at the vuln and am just overthinking things. Is the p*ge= the right path forward?

    there may be something there, but I got user another way.

  • I haven't found there to be any vulnerable LFI, but I could be missing something.

  • I'd probably be more helpful, but apparently I'm spamming. :p

    You have posted 2 times within 30 seconds. A spam block is now in effect on your account. You must wait at least 60 seconds before attempting to post again.

  • Hey guys, as only port 80 is there to enumerate I can't dir bruteforce. Am I even in the right direction? Please PM me if I'm

  • @PwrZer0 said:

    Hey guys, as only port 80 is there to enumerate I can't dir bruteforce. Am I even in the right direction? Please PM me if I'm

    try burpsuite

    Hack The Box

  • my dirb keeps stopping, and I can't seem to enumerate with gobuster, or dirbuster
    anyone else having this issue?

    Nixguy

  • @0xAMS said:

    my dirb keeps stopping, and I can't seem to enumerate with gobuster, or dirbuster
    anyone else having this issue?

    Take a look at the message in the page... You'll get a hint about what's happening.

  • can't figure out if the part with creds is of any relevance! :disappointed:

  • I've been trying to check everything that's visible. I found pg=. Am I on the right path?

  • @NeoBox said:

    I've been trying to check everything that's visible. I found pg=. Am I on the right path?

    Maybe read the other posts? :p

  • @hxmo said:

    @PwrZer0 said:

    Hey guys, as only port 80 is there to enumerate I can't dir bruteforce. Am I even in the right direction? Please PM me if I'm

    try burpsuite

    I tried but I couldn't reach anything useful up till now. If someone could spot a light for me, please PM!

  • edited June 8

    Hint for user:
    Don't use dirbuster, gobuster, etc. There is no need to brute force directories. Look at a popular file you might find on a web server that is commonly misconfigured by admins thinking it actually makes it more secure. This will give you a start to where you need to be. If you don't have this plugin, I recommend installing a Firefox plugin called wappalyzer, it's a neat tool. Just enumerate. This should be more than enough to help you find what you need to use to get access. Next step,

    InfectdBurrito

  • @PwrZer0 said:

    @hxmo said:

    @PwrZer0 said:

    Hey guys, as only port 80 is there to enumerate I can't dir bruteforce. Am I even in the right direction? Please PM me if I'm

    try burpsuite

    I tried but I couldn't reach anything useful up till now. If someone could spot a light for me, please PM!

    spider the target

    Hack The Box

  • The exploit used in this machine is seriously one of the most user-friendly I have ever used. Funny to use, it is like it came out of a movie!

  • wappalyzer*

  • @emaragkos said:

    The exploit used in this machine is seriously one of the most user-friendly I have ever used. Funny to use, it is like it came out of a movie!

    Exactly what I thought! Like watching The Matrix :tongue:

  • @emaragkos said:

    The exploit used in this machine is seriously one of the most user-friendly I have ever used. Funny to use, it is like it came out of a movie!

    hahahahaha

    Hack The Box

  • @emaragkos said:

    The exploit used in this machine is seriously one of the most user-friendly I have ever used. Funny to use, it is like it came out of a movie!

    This! :joy:

    Tip for user: If you believe you've found something but not enough, you probably have found enough. Try to figure out what it is you found instead of looking for more content. Remember that it's an "easy box", so most likely the user shell isn't going to require much effort - looking back anyway. When you feel like you can relate to the above quote, you're in a good place. At least you'll get the joke anyway.

    Hack The Box

  • any hint on root? is s**** G**** related?

  • @emaragkos said:
    The exploit used in this machine is seriously one of the most user-friendly I have ever used. Funny to use, it is like it came out of a movie!

    That exploit made me want to redo everything I ever did in python to print that beautifully

    sarange

  • edited June 9

    What a beautiful exploit.
    Almost like Swordfish movie terminals hahah.

    Arrexel

  • anyone available to give me a nudge?

  • do you need creds for the exploit?
    because none in searchsploit that do not require authentication worked for me

    Nixguy

  • @0xAMS said:

    do you need creds for the exploit?
    because none in searchsploit that do not require authentication worked for me

    No creds needed. A simple google search and a quick scan of the results should be enough

  • @p0n said:

    @0xAMS said:

    do you need creds for the exploit?
    because none in searchsploit that do not require authentication worked for me

    No creds needed. A simple google search and a quick scan of the results should be enough

    I did searchsploit on the software and used the exploits it mentioned with no luck

    Nixguy

  • managed to get creds, need a bit of a nudge
    I feel like I'm overlooking something as I can't get the creds to work on /w******/a****
