Networked


Comments

  • edited August 2019

    Nm, rooted

  • edited August 2019

    I'm a noob. I don't see anyone else mention they are having difficulty port-scanning this box.. I've run at least half a dozen different nmap scans, except a UDP scan of ALL ports (waiting on one). All scans have reported that all ports are filtered, this has remained across box resets.. I'm always up for a challenge, but want to make sure this is meant to be happening?

    EDIT: Oddly enough, I now AM able to scan the box, 24hrs later.. and no ports are coming back as filtered.. I couldn't see any ports before, nor visit the site, but now it's working. Very odd.

  • @Lodovico said:

    I'm a noob. I don't see anyone else mention they are having difficulty port-scanning this box.. I've run at least half a dozen different nmap scans, except a UDP scan of ALL ports (waiting on one). All scans have reported that all ports are filtered, this has remained across box resets.. I'm always up for a challenge, but want to make sure this is meant to be happening?

    You need to enumerate the HTTP service a bit. The initial part is relatively simple.

  • @Seepckoa said:

    You need to enumerate the HTTP service a bit. The initial part is relatively simple.

    I thought I had tried that.. looks like I hadn't gone deep enough. I guess my suspicions about an obstacle in my way may be confirmed. Thanks!

  • Privesc to root is making me scratch my head. I see my ability but trying to understand how to leverage it to get that # sign.

  • Rooted :)

    Appropriately rated box. What I didn't like is even though the paths to exploit were clear if others didn't clean up afterwards it spoiled the box.

    zalpha
    OSCP | CISSP | CSSLP

    Respect always welcome if I can help you: https://www.hackthebox.eu/home/users/profile/140630

  • @Lodovico said:

    @Seepckoa said:

    You need to enumerate the HTTP service a bit. The initial part is relatively simple.

    I thought I had tried that.. looks like I hadn't gone deep enough. I guess my suspicions about an obstacle in my way may be confirmed. Thanks!

    No worries, and good luck for exploiting the flaws of this system.

  • Rooted, Hint
    #Initial, user and root
    Analyse the flaw in code :D
  • Fun box, make sure to clean up stuff to prevent spoilers at certain stages. A few hints:

    Shell: view the source, check out that one file. You might not necessarily be able to totally bypass certain filtering, but you can still smuggle things inside legit files.

    User: enumerate, then return to the source. Timing is everything.

    Root: More standard enumeration. No need to overthink getting around filtering; this can be found with some easy manual fuzzing. There is an article out there if you search well enough on the exact vuln, posting the article is too much of a spoiler though.

  • Just got user.txt with the most ridiculous method. No idea at this moment in time how to get even a user shell (i.e. g*** as the whoami)!

  • @nuxmorpheus01 said:

    @monkeybeard said:

    @nuxmorpheus01 after your initial enumeration you will find some interesting pages, from there you just have to get your shell onto the server, one of the most trivial ones there is

    I have found the pages. I tried to use curl to upload my shell. No success.

    Maybe the path I am following is correct but I am failing in the execution?

    Are you remembering to make your shell file executable? I didn't at first!

  • edited August 2019

    User and rooted! Though I’m struggling to understand why root pe works. If you've rooted this box and have a decent understanding of how/why root works, I'd love to know!

  • Got root! All about trial and error ;)

    Y3llowMustang
    A+ | Net+ | Sec+ | Server+ | CySA+ | PenTest+ | CASP+

  • I've got a shell, but can't get user. I get the feeling I am missing something obvious. If someone could give me a nudge in the right direction, it would be appreciated.

    Hack The Box

  • Rooted, I found I overthought this one way too much. Like others said, everything you need is right in front of you. DMs welcome if you need a nudge

  • Finally rooted, my first machine in ages.

  • Nice box. Felt like if I have the source code given to me and still need trial and error then I'm failing a bit..
  • @reverendin said:

    I've got a shell, but can't get user. I get the feeling I am missing something obvious. If someone could give me a nudge in the right direction, it would be appreciated.

    I'm in the same boat.

  • Any hint on root flag?

  • Owned user and root, took me some struggle. What needed to be done was clear to me, just not how to achieve it. All can be achieved without altering existing files, exploits or similar. Looking back, fun box :)

  • Finally got root. Hint: read, try and repeat. I was frustrated beyond belief but finally started putting things in and reading what happened.

  • Can someone help me interpret from the source how the rename process is working? I can't figure out how it is naming and would like to understand, pointers appreciated.

  • Got root but while I know HOW I got it (semi-focused thinking or blind luck) I don't get WHY this works, I understand what I change, I don't understand what's causing the process to work the way it does rather than just throw a hissy fit and error.

    Can anyone DM me why this works? Google turns up how to use the commands rather than why they give the escalation.

  • Does this box crash and reset every 5 min for anyone else? Like is that supposed to happen? I am even on a VIP server but cannot seem to get more than 3-5 min before it goes offline and comes back reset

  • Need a nudge for user. I do have a shell, but need priv esc.

  • I believe it would be upsetting to do this machine on free servers. Anyways, really cool machine.
    Hints:
    Initial part: Don't forget to look for all types of files while searching dirs, you can also guess it by the content of that one file you find in some folder. It's really basic to get a shell from there.
    User: Read the content of the two files in the home directory and then do what you think is right. Waiting will help you.
    Root: Don't even need to enumerate much, once you find the right file, try to escape it and execute something

    v1ew-s0urce.flv
  • I am stuck at root... found a file that has sudo priv, but idk how to escape and get shell. Any hints will be appreciated. tq

  • Hey guys can I get a dm on user esc. I got initial shell but have no idea what the php is doing or how it helps me get user.

  • edited August 2019

    Rooted, really liked the box.

    Since you have the sources all you had to do was understand the code and go through it step by step.

    User
    On VIP you didn't get spoilers just by visiting; however, on Free it's a totally different story. If you really want to learn something ignore what others did in the browsable sites and analyze the PHP, THEN do what you think is right.

    It takes three steps to user, one forward, one backward and one forward again.
    Get shell, take information back, get shell again.

    https://www.php.net/docs.php
    https://www.w3schools.com/php/php_ref_overview.asp

    Take the functions used, look them up in the docs/w3schools and run them online. If you are unsure how one initial variable is declared, a certain easy-to-discover page will tell you. Make your own $name variable and run it through function after function just like the website does it.
    After each function write down the output, take it to the next function and repeat.

    If you want to get fancy, take the files and make your own server locally.

    PHP Boolean False = 0
    PHP Boolean True = 1

    Root
    Basic enumeration, you can run the well-known script or if you do the most important things manually you will discover it pretty fast too.
    If you found it you aren't far away, run it and don't space out, focus on the task ahead

  • edited August 2019

    spoiler
