Wall

Comments

  • I am stuck on www-data shell, any hint pls!

  • Rooted. This box was weird and a bit annoying... Privesc felt like cheating but what I used seemed to be placed there on purpose by the box creator. I exploited c*** manually instead of repairing, reading the code reveals how it can be done.

  • I have tried rewriting this exploit, and it simply isn't working. I've also tried to exploit manually, but I'm continually getting 403s once I put a space in the input field. I've encoded the space and same thing. This is frustrating...

  • Rooted. Box as a whole seems too contrived. Curious if there's more than one way to root. Path I took was a bit underwhelming.

    Hints for user: once you get past using the right verb, you'll hit the "wall." Keep trying different things and you'll get past it. Can be done from the UI if you understand the exploit. Then enumerate some more to get user, or you can go straight to root and then get user after.

    Hints for root: standard Linux enumeration plus another exploit.

    Feel free to PM if you're stuck.

  • edited September 2019

    If this is too much to ask just say so but... should I be "dictionarying" m********* or c*******? I'm trying to use h**** for it but I'm new to it so I can't tell if what I'm doing wrong is syntax or what I'm going after.

    Thanks in advance :)

    EDIT: I think I was using the wrong approach. Tried piping in my passwords of choice to something else that I had come across but thought I'd need to know the creds already.

  • Can anyone who did not find the password by "guessing" but by brute forcing contact me and tell me his/her way to approach? I built a small script using curl to read cookies+token and use them for request but it fails all the time.

  • Root hint:
    Do your basic enum. and watch the output very carefully. The exploit is straightforward, and once you've found it, don't spoil other people. Clean up your tracks quickly. Good luck.

    IceM4nn

  • edited September 2019

    Init HINT for dumb people like me who can't find c*******:
    1. First you need to find m*********
    2. To search for m********* you need to do the most common thing that can be done with d**b tool and at the same time not give it anything that is outside of its standard directory.

    After that, pay all attention to the found m*********, but, as already said, you do not need brute force!
    1. Then the question arises: what can be done other than brute-forcing?
    2. Here you need a hint about the teacher and verbs.
    3. However, this was not enough for me: note that sometimes a slash can be crucial.
    4. After that you should look at what the server told you.
    I hope I haven’t suggested too much?

  • my nc is not getting anything >< darn exploit.. help anyone ??

  • @Warlord711 said:

    Can anyone who did not find the password by "guessing" but by brute forcing contact me and tell me his/her way to approach? I built a small script using curl to read cookies+token and use them for request but it fails all the time.

    If you know the exploit you need to use, you can easily convert that into a brute force script, that's how I did it (even after guessing it, I made the script anyway)

  • edited September 2019

    Anyone got his exploit to work after getting past "the wall"? The first CVE, to get user.
    Edit: currently with my shell as www-data

  • ROOTED,
    PM me for hints

  • For those struggling with the correct payload to get a shell, remember bash can decode things in a certain base. Remove if it's too much info xD

    Tohzzicklao

  • Hey guys!

    Seems a lot of you have some trouble with the machine! Well, let me clarify two points:

    1- You don't need to perform any OSINT to solve the machine; all the required steps exist in the machine itself.

    2- You don't need to "HARD guess" anything (passwords or paths); you can find what you want easily in the commonly used wordlists.

    I hope you guys enjoyed it or at least gained some new knowledge from it, and if you need any help just ping me ;)

    Cheers!

  • I have problems making the payload work fine. It looks like everything is correct but I can't get the reverse shell working... Any hint for this? Please PM, and thanks in advance.

  • Anyone wanna team up for this box ?

  • @askar thx for the machine, I'm enjoying it very much, although or maybe even because I'm struggling with the exploit right now.

  • @b3c0n said:

    my nc is not getting anything >< darn exploit.. help anyone ??

    I am having the same issue

  • edited September 2019

    I see that some have gotten w**-d*** shell, but is the forbidden error in the c******* part of the game? In running the published exploit?

  • @Tohzzicklao said:

    For those struggling with the correct payload to get a shell, remember bash can decode things in a certain base. Remove if it's too much info xD

    Hmmm, and that has to be carefully crafted, we don't want a rm -rf / in there ;-)

  • @toka said:

    for people struggling at getting initial shell, you have to modify your exploit code
    1) check this box's name, why it says "wall"?

    I rooted with a command left by someone else, can you PM me what the box name has to do with it?

    clubby789

    • GCIH | GCIA
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • As a dum dum, I'm really not getting the VERB hint. Can someone PM me some help?

  • @xcyp3r said:

    Anyone wanna team up for this box ?

    I'm down. I'm a rookie and not getting some of the hints here.

  • @godzkid said:

    anyone who has rooted it please pm me
    i am struggling to get the correct payload to get reverse shell to get command execution
    help me

    How did you manage to get that script to work? I'm in c***** and the script doesn't work even for a single ping.

    Arrexel
    OSCP | I'm not a rapper

  • Got root. Box is very slow on free servers.
    User way is strange. Root way (easy) (www-data->root) matches one machine from the OSCP lab.
    PM for hints

  • Any hints on how to upgrade from www to root?

  • I popped the box. R00T baby!

  • This was a great box, no complaints, I learned things. Thank you!

  • @hiwire said:

    This was a great box, no complaints, I learned things. Thank you!

    some clue

  • I have creds for the service, but need help getting the exploit to work. I've tried formatting it in different ways/using different commands with no luck. Please PM for some direction.
