Networked

11617182022

Comments

  • hint: for root, use ( sudo file *) then play with input

  • Hey guys, ive dirbusted the 80th port and dont really know what im looking for.

    send me little hints please!

  • edited November 2019

    Can anyone DM some tips on what exactly to do with c_a.***? i know what the script is doing, but I am at a loss on how to manipulate it to work to my advantage. Help would be appreciated!

    Got root! Thanks for the help!

    Feel free to DM me if you need any hints!

  • trying to get root.... i found the c*********.s* script but cannot find a way to gain command execution with it. I have tried all sorts of cmds for the NAME var but I just don't see how it is executed per the code. any help via DM would be appreciated>

  • Hello guys.
    I got shell into the machine with a***** user, once logged in if i type "whoami" sometimes display a***** user and sometimes display g**** user.
    Is this a machine bug?
    Is this a cron process ?
    Any further hints?

  • Type your comment> @wsurfer said:

    Hello guys.
    I got shell into the machine with a***** user, once logged in if i type "whoami" sometimes display a***** user and sometimes display g**** user.
    Is this a machine bug?
    Is this a cron process ?
    Any further hints?

    Had the same issue, closed other shell & waited for next cron exec & was “g***”

  • Any hints on getting user once u`ve gotten a low priv. shell?

  • edited November 2019

    Rooted! Can someone please explain the user exploit and why it works?
    User: Go to ../../../u****s and you'll get it.
    Root: Once you find the right file... "Do something please" "No" "Sudo something please" "OK" ;)
    Hope that's not too spoilery

    PM me for hints/explain the exploit for me

  • Got Root!
    A very nice box that brings you back to basics and reminds us not to overthink of simple things.

    Follow the route: shell -> user -> root

    Hints:

    • Shell: enumerate directories and find a way to bypass the security measures
    • User: Command injection in vulnerable script
    • Root: Way easier than user. When you find out what you can run as root search well on Google regarding on how to exploit the code.

    You are more than welcome if you want hints via PM.
    Nice box @guly !

    raptorfx

  • I'm struggling with getting connection to the shell. I uploaded the package and loaded the image in the browser, but I can't get connection with by terminal. Any nudges (or DM's) in the right direction are greatly appreciated

  • The first version of this box, exposed other ppls inital foothold, that threw the struggle away - you could see contents of the /u***d folder. To get user was easy bcause you could see what other ppl was doing to get it. Same with root.

    Feelt like i cheated on this box...

  • Rooted!

    thanks to @Hilbert and @xcabal

    for any hints DM me.

    noproscp

    respect those who helped you

  • Rooted! also thanks to @xcabal for helping me at the user part.

    DM me if you need any hints.

    -------- xOkami --------

    xOkamil

  • edited November 2019

    Cancel

    • Emrys
      "The last enemy that shall be destroyed is death."
  • edited November 2019

    Type your comment> @Emrys said:

    I got user access but am stuck on how to elevate. Could someone PM me with a nudge in the right direction on how to get root access???

    So I found what I needed to find as g**** but the file never changes. Thoughts?

    • Emrys
      "The last enemy that shall be destroyed is death."
  • edited November 2019

    edited: found the problem

  • Thankyou @guly for the box, good one to remind us of the basics.

  • Just got the user, but no idea what to do to get rooty-rooty,

    any hints please?

  • Finally rooted, thanks to @blooch4 and @Hilbert advices !!

  • Hi guys, pretty new here and enjoying every minute. Iv'e gotten an initial shell on this box as a*****. Definitely having a hard time escalating to user. I know I am overthinking for sure. tried everything I can think of with the odd files but no luck. A DM with a slight nudge in the right direction would be much appreciated. Meanwhile, im gonna keep trying things haha

    Hack The Box

  • edited November 2019

    I could really use a hint for getting user.

    • I have a low priv shell.
    • I have found the script being run by the user.
    • I have stared at PHP code for way too long.
    • I can escape and run some code as the user
    • I don't get the hint everyone gives about TOUCHING. When using that command I can create a file in the same location as the script is being run from. What am I supposed to do with that?
    • I have tried messing a lot with chown and I can get the user flag and get write rights in the directory etc.
    • I feel very limited without being able to use / in me code execution.

    My brain has turned to porridge at the moment - can you please give a hint on how to proceed with what I have?

    EDIT: Okay, so I just got user by some wonky use of chmod, but I don't belive this is the way people are hinting at?

    OSCP, July 2019

  • Type your comment> @S0l3x said:

    trying to get root.... i found the c*********.s* script but cannot find a way to gain command execution with it. I have tried all sorts of cmds for the NAME var but I just don't see how it is executed per the code. any help via DM would be appreciated>

    Ditto. Could someone give me a nudge in a PM? Also, I'm not sure it's important but I don't get any error messages in my reverse shell as user... Thanks.

  • Type your comment> @n0rdberg said:

    I could really use a hint for getting user.

    • I have a low priv shell.
    • I have found the script being run by the user.
    • I have stared at PHP code for way too long.
    • I can escape and run some code as the user
    • I don't get the hint everyone gives about TOUCHING. When using that command I can create a file in the same location as the script is being run from. What am I supposed to do with that?
    • I have tried messing a lot with chown and I can get the user flag and get write rights in the directory etc.
    • I feel very limited without being able to use / in me code execution.

    My brain has turned to porridge at the moment - can you please give a hint on how to proceed with what I have?

    EDIT: Okay, so I just got user by some wonky use of chmod, but I don't belive this is the way people are hinting at?

    Definitely in the same boat. Brain is mush, however still havnt gotten user.

    Hack The Box

  • Rooted!

    User: It's not complicated! PM me if you're stuck

    Root: Not hard but I was confused, I needed to hear from someone.
    If you're stuck PM me I'll be happy to help you

    Hack The Box

  • edited November 2019

    Hi guys!
    Finally got the root.
    But still no clue, how does it works)
    Why N*****E= n******e b***h works?
    Can anybody pm me, if found the answer

    N0rt0N

  • Type your comment> @n0rdberg said:

    I could really use a hint for getting user.

    • I have a low priv shell.
    • I have found the script being run by the user.
    • I have stared at PHP code for way too long.
    • I can escape and run some code as the user
    • I don't get the hint everyone gives about TOUCHING. When using that command I can create a file in the same location as the script is being run from. What am I supposed to do with that?
    • I have tried messing a lot with chown and I can get the user flag and get write rights in the directory etc.
    • I feel very limited without being able to use / in me code execution.

    My brain has turned to porridge at the moment - can you please give a hint on how to proceed with what I have?

    EDIT: Okay, so I just got user by some wonky use of chmod, but I don't belive this is the way people are hinting at?

    Okay, so I managed to get both user and root. Root was in my opinion much easier than the user. As far as I can see, you will have to complete this box by low priv -> user -> root.

    I hope I am not spoiling too much - if so then just censor it, or let me know and I will leave out some details.

    Low priv:
    Standard enumeration should give you a quite obvious functionality on the web application that can be fairly easily exploited. When you find it, then just use a local proxy and modify the request to get around any security measures.

    User:
    Find the script being run by the user. Figure out how to escape the execution. I hope this is not spoiling, but the script looks at filenames. You can get code execution this way. Then be creative about how to use this newly found ability.

    Root:
    By doing your standard enumeration as the user - not the low priv - you will find an interesting script that the user can execute. Try to run it. In my opinion you don't have to know what the script is meant to do exactly for this to work. Play around with the inputs to the script a bit like when you were trying to get user. I made this work by trial and error and it took me like 1/20 of the time user took.

    OSCP, July 2019

  • Rooted, thanks for those who helped

    initial foothold: follow ippsec techniques at the beginning of each video, enumeration, you will find interesting things, try to use them to get your shell.

    User: refer to the article posted in previous pages of this forums.
    root: enumerate, find interesting stuff, and try to see how you can use it.
    I learned a lot from this box.

  • those who face a problem while trying to use sudo , see this article might help (https://unix.stackexchange.com/questions/18830/how-to-run-a-specific-program-as-root-without-a-password-prompt) If it's a spoiler do inform me so I delete it

  • @zgordon96 said:
    Type your comment> @Cooper24 said:

    Type your comment> @zgordon96 said:

    Can somebody please reset the box? Finally got the "thing" onto the "thing" but when i go to the "thing" page it's just a dot.. Somebody keeps either breaking it or trolling the hell out of us.

    nope, that is all correct. the dot is used to be there :)
    what did you found so far?

    So I uploaded the "thing", went back to that page that shows the ""things", but it's literally just a dot. First time I got onto the box there was a list of all the stuff that people also placed onto that page, but now when I go back to it it's just a dot. I imagine it cleared when it reset the box, but no matter how many times i upload it it won't show up there, nor if I just type the name into the link.. It says file uploaded, refresh gallery but there's nothing there. Sorry if there were any spoilers, I tried to be vague

    Hello All
    I see the same behavior
    File uploaded, go to the directory but nothing just a spot :/

    little help please :)

  • still struggling hard core on user. I feel like im so close but just cant grasp it. Might need a couple more hints. ive gotta be staring right at the answer...

    Hack The Box

Sign In to comment.