Player

1234568

Comments

  • Rooted! User part was very interesting and had so much fun.

    I guess there is another way to root, rather than mixing vulnerable code and enumeration, if anyone has rooted with another way, please drop me a message. Apart from root, there is another vhost c**t, what is its purpose anyway??

    Thank you @MrR3boot for your awesome craftsmanship.

  • Fantastic box!
    Got user, stuck at last part for root.
    got unrestricted shell for t*****n and w******* and have been playing with b.p but nothing seems to stick.
    Is this a rabbit hole for root?
    Any hints would be appreciated! :)

  • Type your comment> @portalfire said:

    Fantastic box!
    Got user, stuck at last part for root.
    got unrestricted shell for t*****n and w******* and have been playing with b.p but nothing seems to stick.
    Is this a rabbit hole for root?
    Any hints would be appreciated! :)

    Update:
    Just rooted. went for the rude approach. resetting box.

  • edited January 8

    had fun and headache so far, however, im stuck on the root now, since i dont see the obvious thing everyone is talking about T.T

    Finally done. didn't see what was needed to be seen. After that, straight forward =P thanks for the box

  • edited January 5

    Hi all, I've been enumerating for almost a week now and still unable to find the "bak". Wonder if I'm just using the wrong wordlists? Though I've tried a lot from seclists/dirbuster already. I know it could possibly be related to vim, and have accounted for it in my enum.

    Any nudge in the right direction would be much appreciated!

  • Type your comment> @pirxthepilot said:

    Hi all, I've been enumerating for almost a week now and still unable to find the "bak". Wonder if I'm just using the wrong wordlists? Though I've tried a lot from seclists/dirbuster already. I know it could possibly be related to vim, and have accounted for it in my enum.

    Any nudge in the right direction would be much appreciated!

    Create your own wordlist based on the discovered directory names and filenames without extension. Then try to use different extensions and vhosts.

    bumika

  • @pirxthepilot said:
    Hi all, I've been enumerating for almost a week now and still unable to find the "bak". Wonder if I'm just using the wrong wordlists? Though I've tried a lot from seclists/dirbuster already. I know it could possibly be related to vim, and have accounted for it in my enum.

    Any nudge in the right direction would be much appreciated!

    Well you are in right direction when you said about vim. Think of other editors. There’s no need of wordlists. Identify the php file which responsible for handling access and try different artifact tools against same php file. Good luck 😉

    MrR3boot
    Learn | Hack | Have Fun

  • This one is something.... fun ~_~
    Rooted, wasted something about 3 days for it.
    Thank you @MrR3boot ;)

  • found it finally! thanks for the nudge @bumika , @mRr3b00t and @gverre !

  • I found the backup file and am stuck as to what to do next. Will appreciate any help via PM.

    a

  • edited January 9

    Forget It!!
    Thanks in advance :)

  • I can't find this backup file. I fuzzed every known file from the enumeration process with every folder I found with a bunch of common extensions. In my desperation I even tried to brute force all possible 3 letter combos on known files.
    Could someone give me a hint?

  • > @testmeister said:
    > I can't find this backup file. I fuzzed every known file from the enumeration process with every folder I found with a bunch of common extensions. In my desperation I even tried to brute force all possible 3 letter combos on known files.
    Could someone give me a hint?

    There is an artifact checker on git which definitely help you out. Good Luck ;)

    MrR3boot
    Learn | Hack | Have Fun

  • edited January 10

    @MrR3boot got it, thank you!

    Finally rooted. The initial enumeration was hard, but after finding the right file the rest was straight forward. I really liked that ff***g exploit, never seen such a beautiful exploit before!

  • edited January 11

    Finally rooted. What a ride!

    User was torturous and fun at the same time. Learned a lot on the way. Baby steps with a lot of enumeration and constantly combining information that you found previously. Every step felt like a victory.

    That one exploit was some black magic indeed! Unfortunately I had some trouble reading the credits I found, and stupidly overlooked a simple fix. Thanks to @clubby789 for giving me a nudge!

    Root was really easy once I got on the right path, but very fun and satisfying. Unfortunately somebody had rewritten an important file, so it took me some extra time to get on the right track.

    Great box @MrR3boot - thank you for the adventure!

    Arrexel

  • @kattekebab said:
    Finally rooted. What a ride!

    User was torturous and fun at the same time. Learned a lot on the way. Baby steps with a lot of enumeration and constantly combining information that you found previously. Every step felt like a victory.

    That one exploit was some black magic indeed! Unfortunately I had some trouble reading the credits I found, and stupidly overlooked a simple fix. Thanks to @clubby789 for giving me a nudge!

    Root was really easy once I got on the right path, but very fun and satisfying. Unfortunately somebody had rewritten an important file, so it took me some extra time to get on the right track.

    Great box @MrR3boot - thank you for the adventure!

    Glad you enjoyed my game! Well Done

    MrR3boot
    Learn | Hack | Have Fun

  • Rooted.
    Pretty awesome box I must say! Learnt a lot. 9/10!

    PM is open for anything on the box.

  • Hello!
    I'm stuck on uploading part. Could anyone help me a bit?
    Thanks!

  • This was difficult and fun! The movie deserves an Oscar! Great box @MrR3boot thanks!

  • Found upload page, tried diff extensions of files, bit confused on how to find the path of the uploaded file, appreciate some push?

    MarsG

  • ROOTED [email protected]:~# whoami Hmmm... Really Nice Machine

  • I must admit, really hard but interesting machine for me, learnt numerous things with this one. SO REALISTIC !!!

    Initial Foothold: Dont get fooled by the forbidden gates, take out directories, try getting all the subdomains, etc. Then go ahead and look sources to find something weird.

    User: Make a note of what files were mentioned during your initial enum and which of them you were not able to access, or maybe shown some errors.

    Root: Standard linux priv esc technique, 007 out running processes, detect the interesting ones and exploit...

    Open to DM if anyone needs help :)

  • Hi,
    I have been able to comeback to the C****d d** repository and got a "double" hash. No luck with easy dictonary attack. Knowing that brute force is not needed for this machine I'm wondering if I'm chasing a rabbit.
    Should I try to crack the hash or I'm lost again?
    Thanks,
    Victor

  • edited January 17

    Just got user, so far this is my favorite box, really liked the .a** part.

  • Hello guys! 've been making first steps in pen craft. Could somebody please make some things out clear for me in PM, have several questions, would appreciate it much. Thanks in advance =-)

  • Finally finished player. Great machine.

  • edited January 18

    Well done everyone. Hope machine taught you one/two things. Here is my official writeup of the box https://github.com/MrR3boot/HackTheBox/tree/master/Boxes/Player

    MrR3boot
    Learn | Hack | Have Fun

  • Type your comment> @MrR3boot said:

    Well done everyone. Hope machine taught you one/two things. Here is my official writeup of the box https://github.com/MrR3boot/HackTheBox/tree/master/Boxes/Player

    Awesome writeup. Hands down one of the best boxes in HTB!

    a

  • edited January 18

    Totally agree with @zard - this was a fun, engaging and educational box.

    @MrR3boot creates some amazing boxes here. I look forward to the next one.

Sign In to comment.