Player

Comments

  • Just AWESOME BOX @MrR3boot !!!
    Most frustrating part for me was 'bak' file, after that it goes smoothly.
    Thank you.

  • @s1mpl3 welcome :)

    MrR3boot
    Learn | Hack | Have Fun

  • i am wondering if the jail is a rabbit hole? any hints?

  • Hard and interesting box. Thanks @MrR3boot !
    PM for hints.

  • edited October 2019

    My GAWWWD.... user took me 2 days :(, I had the ssh login successfully using the user txxxgxn, but it was a restricted shell :(, but thanks to the "vuln", got the user immediately. Now seems that the root isn't far away.

    EDIT:
    DONE :)

  • edited October 2019

    Upload is getting me to bang my head against the wall. Think I know how it works on a basic level but beyond that I can't seem to recognize this CVE people are talking about.

    Edit: Past that, got user.txt, now stuck with a sha1/md5 hash I can't seem to crack.

  • that was a great box
    thank you @MrR3boot!

  • What are we supposed to do with the rshell on the high port? I tried a bunch of ways to escape it but nothing worked.

  • From jail as t*****n i was able to read user.txt but have no idea how to escape or where to find creds for s****d-d*v. Could someone give some hints?

    kratek

  • This starts to be frustrating =)
    i've found:
    1. contents of /la****/ including php and js
    2. d** vhost and the app used there + link to github. lots of additional php files here which are not part of the repo, but anyways = access denied
    3. c*** vhost and not much here
    4. s****** vhost and the glitch with php + dir name

    i've been hunting for the 'bak' for two days now.. of course i haven't busted every dir yet, but seems like this isn't the way..

  • @v01t4ic said:
    ...
    i've been hunting for the 'bak' for two days now.. of course i haven't busted every dir yet, but seems like this isn't the way..

    Have you ever used vim?

    discoD

  • @Balon said:
    Hard and interesting box. Thanks @MrR3boot !
    PM for hints.

    @angar said:
    that was a great box
    thank you @MrR3boot!

    My pleasure @angar, @Balon :)

    MrR3boot
    Learn | Hack | Have Fun

  • edited November 2019

    @discoD said:

    @v01t4ic said:
    ...
    i've been hunting for the 'bak' for two days now.. of course i haven't busted every dir yet, but seems like this isn't the way..

    Have you ever used vim?

    found it, thanks!

    edit: ...magic, indeed!

  • Hi, I have everything, but not sure where to proceed further. If someone could give a little nudge? Thanks

  • anyone care to give me a nudge?
    Am still in the user stage. Have however been able to log into jail.
    Then exploited it which gives me ability to read files..
    found some interesting things but it's not showing me full content of the files.
    not sure what I am looking for at this stage.

  • Should I be using actual media files to test the upload page? Sending random text files with video file extensions doesn't seem to lead anywhere...

  • edited November 2019

    Cool machine so far. Long, very long way to user. But like many others deadly stuck at restricted environment... If someone's got time, please, PM me, I need a little push to the solution.

    Update: Rooted. Thanks @v01t4ic for help and @MrR3boot for an amazing box! Really worth spending time on.

  • @bu77er0verfl0w said:
    Should I be using actual media files to test the upload page? Sending random text files with video file extensions doesn't seem to lead anywhere...

    Think about tools which are used to handle this type of data. And look at what you obtain using the tool. Google will lead to some vulnerability to go further.

  • edited November 2019

    Finally rooted! Thanks for this interesting box @MrR3boot!

    Hints.
    User: come back to the bug
    Root: watch what is going on

  • edited November 2019

    Can anyone give me a nudge on a jail escaping?

    Edit: got it.
    This box is totally crazy :)

  • @Shtrikh17 said:
    Cool machine so far. Long, very long way to user. But like many others deadly stuck at restricted environment... If someone's got time, please, PM me, I need a little push to the solution.

    Update: Rooted. Thanks @v01t4ic for help and @MrR3boot for an amazing box! Really worth spending time on.

    @v01t4ic said:
    Finally rooted! Thanks for this interesting box @MrR3boot!

    Hints.
    User: come back to the bug
    Root: watch what is going on

    Glad you guys enjoyed the Game.

    MrR3boot
    Learn | Hack | Have Fun

  • Hey can anyone give me a nudge on how to find the 'bak' file? I've found all the vhosts but for the life of me I am getting nowhere in finding this file.

  • Spoiler Removed

  • Rooted!

    This was my first really HARD box, and I enjoyed every minute of it even if it came with frustration and banging my head against the wall.

    This is a great box for testing your accumulated knowledge from the easier boxes, I highly recommend it.

    If you need any help PM me and I will try to guide you without spoiling the fun of it.

    Thank you for your work @MrR3boot.

    trollzorftw

  • @trollzorftw said:
    Rooted!

    This was my first really HARD box, and I enjoyed every minute of it even if it came with frustration and banging my head against the wall.

    This is a great box for testing your accumulated knowledge from the easier boxes, I highly recommend it.

    If you need any help PM me and I will try to guide you without spoiling the fun of it.

    Thank you for your work @MrR3boot.

    Most welcome mate :)

    MrR3boot
    Learn | Hack | Have Fun

  • # id
    uid=0(root) gid=0(root) groups=0(root)
    

    Finally got it!
    The best machine i ever completed hands down.

    If anyone needs any help on this, call me on my Discord (Celesian#0558)

    profile: https://www.hackthebox.eu/home/users/profile/114435
    discord: Celesian#0558

  • So I think I know the exploit to use but it requires creds... can someone chuck any hints to where these might be or let me know if I am on the wrong track?

  • Spoiler Removed

  • Rooted! Very cool and hard box. All about enumeration.
