Scavenger

12467

Comments

  • I have RCE as user i*3. My understanding is that I have to move laterally to other users before I can get the user flag. I have enumerated the system as far as I could (find, grep, the usual stuff on the usual configuration and Web application files). However, though I found credentials for another service, it seems I can't make progress. Could anyone give me directions on where to look further?
  • Type your comment> @davidlightman said:

    I have RCE as user i*3. My understanding is that I have to move laterally to other users before I can get the user flag. I have enumerated the system as far as I could (find, grep, the usual stuff on the usual configuration and Web application files). However, though I found credentials for another service, it seems I can't make progress. Could anyone give me directions on where to look further?

    hint: incident logs.

  • edited September 2019

    Got user and a tty, I'm at the final step. I think I'm in a rabbit hole for root though - can't seem to escalate. Got the string, I know where to put it, but somehow it doesn't work. Can any one confirm if the -oo-.- file from the -.p--p file is the correct path? :smiley: Thanks!

  • Type your comment> @tress said:

    Got user and a tty, I'm at the final step. I think I'm in a rabbit hole for root though - can't seem to escalate. Got the string, I know where to put it, but somehow it doesn't work. Can any one confirm if the -oo-.- file from the -.p--p file is the correct path? :smiley: Thanks!

    Keep going. you're almost there.

  • Hi all, I am having trouble viewing pages, I've not done anything with vhost before. I have added the IP and domain to my h--- file but get the error page. I have dug up some more domains but get the same error page. can someone please send me a message with a little help on the foothold?

    Hack The Box

  • Type your comment> @tress said:

    Got user and a tty, I'm at the final step. I think I'm in a rabbit hole for root though - can't seem to escalate. Got the string, I know where to put it, but somehow it doesn't work. Can any one confirm if the -oo-.- file from the -.p--p file is the correct path? :smiley: Thanks!

    I'm in the same spot and it's driving me crazy!

  • Type your comment> @combinator said:

    Type your comment> @davidlightman said:

    I have RCE as user i*3. My understanding is that I have to move laterally to other users before I can get the user flag. I have enumerated the system as far as I could (find, grep, the usual stuff on the usual configuration and Web application files). However, though I found credentials for another service, it seems I can't make progress. Could anyone give me directions on where to look further?

    hint: incident logs.

    I "scavenged" the system for logs in the usual directories. I don't even have permission to read any file. The insect application also does not seem to provide any form of incident logs. I am confused as to where I should be looking next.

  • Hold on! I might have found something.

  • Type your comment> @verg said:

    Type your comment> @tress said:

    Got user and a tty, I'm at the final step. I think I'm in a rabbit hole for root though - can't seem to escalate. Got the string, I know where to put it, but somehow it doesn't work. Can any one confirm if the -oo-.- file from the -.p--p file is the correct path? :smiley: Thanks!

    I'm in the same spot and it's driving me crazy!

    Maybe the hacker doesn't just copy and paste code as is :wink:

  • I managed to find some place to perform code exec after meeting the insect, but now when I see the comments, I see a lot of people talking about some incident checking to get your way in. Hmph! Maybe there's more than one way in?
    Any nudge would be greatly appreciated.

    pzylence
    OSCP

  • edited September 2019
    OMG some webpages are so slow in this box....
    so slow that I can't enum
    don't even know i'm on the right path

    toka

  • Privesc is a b*tch

    LordeDestro

  • Anyone to PM me for nudge, been stuck in the FTP for a while... Also i think i got user a pretty lame way, is there a way to get user with TTY?

    LordeDestro

  • Type your comment> @LordeDestro said:

    Anyone to PM me for nudge, been stuck in the FTP for a while... Also i think i got user a pretty lame way, is there a way to get user with TTY?

    Same here, it's so hard to enumerate without a decent shell

    toka

  • edited September 2019

    Finally Rooted.
    This machine costed me so much time. thanks to @polarbearer and @Narmu for your help
    the slowness of some service was really painful

    EDIT:
    found a way to get a good user shell, but this doesn't seem to be a smart way

    toka

  • I wandering how to make sqlmap do things for me in w***s. I tried capturing request with wireshark, seen specific protocol, and data sent looks very simple, i just dont know how to specify it.
    Can you give me a push of how to get db mane for access or other protocol? Or, maybe capture request properly? Or send some articles of this kind of technics?

  • edited September 2019

    Hi! i got user, found a way to privesc into (.pc*p file ), but it seems not working (i'm running it from s***l.p**)
    someone can give me a hint? should i have a tty?

    edit: got root, but i think I missed one step..

    See Ya!
    0xdebe

  • edited September 2019

    Man, the slow thing is really slow... Someone was saying based on the .***p I don't need to bother with it?

    Edit: got user :) losing my mind in the final step, can't make the "magic command" work it's magic...

  • I'm at what i am presuming to be the very last step before jumping through the gate of yonder, but i am looking for an adult who can explain to me the very last few backwards steps, or at least spot what i am missing. agency sponsored backwards approach...

    -All hail the Potato-

  • got root. after a lot of working. thanks to box creator @ompamo. it was relly cool box.

    and thank to @naveen1729 for help. and special thank to @Tohzzicklao for heading me right way and hints.

  • Rooted :) Thanks so much @ompamo for the box, it was a really nice one!

    The user part shouldn't be that hard if you enumerate again and again and look at the forum hints.
    For the root part, you need to enumerate again and HOPE SOMEONE DIDN'T DELETE THE FILE!!

    Don't hesitate to PM if you're struggling ;)

    Hack The Box

  • Finally, Rooted :) Big Thanks to this guy @ompamo for such a frustrating yet amazing box.
    Would like to thank @xcoder , @rival23 & @poiuytrewqhi for the nudges.

    For anyone stuck at finding users : You've got the hammer, all you need to do is finding weak wall to hit it in order to get into it.

    For anyone stuck at root : Google the part, find the key and use your magic wand :)

  • Rooted :) what a ride! An amazingly frustrating yet statisfying box! Thank you @verg for the nudges and @ompamo for creating the box!!!!

  • edited September 2019

    can someone please enlighten me on how to get past the VHOST error. DM me if you can help :)

    EDIT: I have gotten past this stage now thank you @przemeks and @dontknow for the nudges :)

    Hack The Box

  • Hardest box so far for me.
    Thanks and respect to @p4ncontomat3 !!

  • edited September 2019

    Banging my head against the wall AGAIN. I have a crappy shell on the insect after digging my way through a few things. Can someone please let me know if i am in a giant rabbit hole and maybe DM me with a pointer. respect will be given :smile:

    EDIT: I have made it to the slow thing people were talking about. but reading back I think i need to look over the ---p file some more.

    EDIT: User got. with thanks to help from @xcoder

    Hack The Box

  • edited September 2019

    ~anybody with some tip? I got the slow thing but it's just not working. I also know about the magic but also can't get that to work (either because I don't have tty or magic words are wrong but also couldn't find any updated source)~ Thanks to @dontknow for a reminder

    Update: root was fun (and super simple when you found all the stuff in user enum). user was a bit of a pain with so many things to look at. I enjoyed the first steps (sq*i, digging) but the web part was a bit annoying. Upside: got me to write a local shell via http script :smile:

    florian1999

  • I have found many colours of headwear and how to procure the services of people who would frequent this site. I've tried digging into what I found and using what I've found to look at original things. After digging for a while drawing a blank on where to go next.

    What am I missing? I'm guessing I haven't found the insect yet or have missed the reference.


    OSCP | PMP

  • Type your comment> @beefaaubee09 said:

    Finally, Rooted :) Big Thanks to this guy @ompamo for such a frustrating yet amazing box.
    Would like to thank @xcoder , @rival23 & @poiuytrewqhi for the nudges.

    For anyone stuck at finding users : You've got the hammer, all you need to do is finding weak wall to hit it in order to get into it.

    For anyone stuck at root : Google the part, find the key and use your magic wand :)

    Congratz bro!

  • stuck. could anyone give me a DM injection for the initial foothold ?

Sign In to comment.