Scavenger


Comments

  • edited February 8

    Missing that magic word. Think I missed an important file while enumerating.

    Edit: Got root thanks to nudges from @wxadvisor and @m4ng0n3l

    Arrexel

  • Almost at the finish line. Trying to figure out how to utilize magic word using web shell. Can anyone give a nudge?

  • @olsv said:
    > Almost at the finish line. Trying to figure out how to utilize magic word using web shell. Can anyone give a nudge?

    Are you sure that you know the magic word?

    bumika

  • Rooted. Kudos to @bumika

  • Rooted! really nice box
    Good job @ompamo!

    -- User:
    - Try something common in website logins, but in another place
    - Looks like i was already pwn
    -- Root
    - Remember that it was pwn

  • Underrated box.
    Just wish that the admin interface wasn't so slow!

    Hints:
    User: write a python script to interact with the w*******, it will save you time
    The metasploit module works, just need to set timeout in advanced options and to use a GENERAL type payload ..

    Root: exfiltrate and analyse

  • Wow!!! Finally rooted! Ffuuuuuhhh. Thanks to @bumika and @wxadvisor. I've learned a lot! Thank you @ompamo for such a nice box!

  • edited February 12

    I'm so close to root now, I can't find the ko file.
    I used grep and find with the 2 users I can launch commands...
    It's crazy because I see it loaded with the l***d command.

    EDIT : Rooted. To find the ko file : Look closely ! Don't go too far.
    Thanks to @bumika for the help and @ompamo for this epic box :)

  • Finally finished this box. It has been the most difficult (and elaborate) so far, really a lot of work went into this. Thanks to the maker for giving us the opportunity to improve our skills. I learned a lot, getting a little deeper with msf, honing enum skills. I really appreciated the s*l vuln in the w***s service. That was a flavor I hadn't come across yet. Also, finished strong with old school disassembly.

    I've kept notes of how I solved it, so if anyone needs some nudges, let me know.

    Hack The Box

  • OK!
    I got User, found the KO, got everything I need from the "incidents", did they change the magic word? I can see it clearly there, why is it not working? :sad:
    Please a nudge


  • @gu4r15m0 said:
    > OK!
    > I got User, found the KO, got everything I need from the "incidents", did they change the magic word? I can see it clearly there, why is it not working? :sad:
    > Please a nudge

    1. Reverse engineering the binary OR
    2. “Advanced” strings analysis

    If you want to learn something (simple Intel assembly) use the first method. If you want to get points swiftly use the second method.

    bumika

  • This machine is brutal at some point.

    Foothold:

    • Enumerate everything. Think about the purpose of the server you are trying to break.
    • Don't forget to check everything, really!

    For user:

    • Scrape everything, some user may have left some info?
    • Can people communicate through this server? Look at what you have at the foothold step

    For root:

    • What happened to the server?
    • You can do a bit of forensics here to get more info
    • Use the tools you get installed on the server

    Overall excellent VM even if they made me crazy.
    Learned a lot.

    Note : You don't need any rev shell at any point ! Everything is doable without this !!!

    Hope I don't spoil too much :)

    Jugulairel

  • @bumika said:
    > 1. “Advanced” strings analysis

    Trying this method but can't seem to get the correct strings, maybe there are special characters between words?


  • edited February 14
    @gu4r15m0 said:
    > @bumika said:
    >
    > (Quote)
    > Trying this method but can't seem to get the correct strings, maybe there are special characters between words?

    Did you play with the minimum length limit?

    No. More precisely: did you find all elements of the magic? It is easy to concatenate them based on the default value.

    bumika

  • @bumika said:
    > Did you play with the minimum length limit?

    yes!

    > No. More precisely: did you find all elements of the magic? It is easy to concatenate them based on the default value.

    Ooh!!

    ROOTED!!
    Thanks

    Amazing box by @ompamo pentesting + forensics, thank you all!


  • edited February 18

    Okay, this is my first attempt at messing with DNS. I have a bunch of information but I still get the vhost error, and all the googling in the world doesn't seem to be helping me figure this out. Can someone PM me a nudge? Anything helps.

  • edited February 22

    Hi,

    I already have access to the whois vhosts, but I'm kinda stuck there. I do not see where I can go from there :/ I know that the "back office needs to be activated" but that's all :/

    Any help is welcome

    EDIT: nevermind, I focused on one vhost only... So yeah, like it has been said many times already: Enumerate...

    EDIT2: Jeeee! Probably one of the hardest user ever ^^ Pretty awesome though!

  • any chance someone could PM me a nudge here? I think I've found all the vhosts but I seem to be doing something wrong with my enumeration.

  • Finally rooted, before it got retired. Thank you @seke for nudges to the right direction.
    Thank you @ompamo for that awesome box. Really loved it and learned a ton.


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • Heh, I also did it before it got retired.
    Many thanks go to @Chr0x6eOs! He saved me from a lot of stupid fucking mistakes I got stuck at.
    By the way this box was really funny.

    an0nnnym0u
    Did I help you? Please return the favour and +1 respect me
    https://www.hackthebox.eu/home/users/profile/177580
