Wall

145791027

Comments

  • Not a fan of having to brute force anything. That was a bit on the annoying side. Though getting around the CSRF was pretty fun. The next few steps were pretty standard stuff, though I did learn a few tricks. All in all it was okay.

  • edited September 2019

    I'm having trouble modifying the exploit and can't seem to get it to work. It doesn't seem to connect to my machine and I can't figure out why.

    Could somebody PM me and help me out a little bit?

    Vex20k

  • edited September 2019

    Hi,
    Can someone DM me, I got usual three results of dirbuster, but do not get c****** and /s*****-s*****. Should I wait more to finish or there is another way?
    Thanks

    nvm got needed page

  • edited September 2019

    Rooted :) Thanks @askar for the machine and nice find ;)

    First part is the most difficult, there's one challenge on HTB that could help you for the initial foothold ;)
    Second part is easy peasy if you enumerate correctly and google things that don't look common.

    Hints on the forum should be enough to complete this box but still you can DM if you're struggling :)

    Hack The Box

  • edited September 2019

    I'm struggling a bit with the loggin with the exploit, tried to modify it but seems like it isn't working...

    I got the poller t***n, and correct credentials, even the listener but my machine can't recieve any data...

    If anyone could give me a hand i'd appreciate it since I dont know what am I overlooking

  • How do you get the credentials for this c********? Brute Forcing with Burp already, but without success.

    Since there is no need to brute force, I wonder how to find out the credentials.

  • Type your comment> @Cli3nt said:
    > How do you get the credentials for this c********? Brute Forcing with Burp already, but without success.
    >
    > Since there is no need to brute force, I wonder how to find out the credentials.

    better to write your own script and be careful regarding the CRSF token

    Arrexel
    OSCP | I'm not a rapper

  • Rooted. What a piece of utter garbage.

    Hack The Box

  • Type your comment> @ad1337 said:
    > Rooted. What a piece of utter garbage.

    Damn. Why so much hate? Lol. I get @asker made a box with some annoying "walls" to climb, but in frustration comes education. When you distill this box down it exercises some pretty fundamental pentest skills. No matter your status you can never practice the fundamentals enough. So yes. This box forced you to climb some "walls" but these walls were not that major and they forced you back to basics. In that way this is a great box. I very much enjoyed the fundamental principles and practice.
  • Someonw who already rooted this can PM me? I'm totally lost. I found the php files and the login page, but I have no clue how to proceed. Also, I do not get the English class reference at all...Please someone?

  • @c1cada said:
    Damn. Why so much hate? Lol. I get @asker made a box with some annoying "walls" to climb, but in frustration comes education. When you distill this box down it exercises some pretty fundamental pentest skills. No matter your status you can never practice the fundamentals enough. So yes. This box forced you to climb some "walls" but these walls were not that major and they forced you back to basics. In that way this is a great box. I very much enjoyed the fundamental principles and practice.

    He didn't make annoying walls. He just created a self-advertisement.
    Apart from the initial foothold which was interesting and definitely had a learning-experience, the later part - and I'm especially talking about rooting the box - is totally uninspired and required zero effort (both for him and the attacker).
    It's just comes down to a random exploit, that has nothing to do with the previous findings, or requires any skill besides "basic enum". And I'm sorry to say that, but "basic enum" & browsing exploit-db is nothing that should reward you with 30 points.

    Hack The Box

  • Rooted! Thanks @zalpha & @toka . DM, if need a nudge.

  • I'm a noob, Ive found the api but can someone PM me with how to interact with it. I haven't worked with an api before. Currently I'm just fuzzing it but essentially I need some help, or a link. Thank You

  • rooted.
    Initial shell was a pain. got user and root with one exploit. not sure if it was the intended way.

    Hack The Box

  • I_Feel_Satisfied when learned the trick to bypass the wall, hope it's not a spoiler :)
    Thanks @askar

  • Can someone PM me how to brute-force c******* login page?

  • Can I please get a hint on how to deal with m********?

  • I tweaked the python exploit, it saves the payload (I can see it in the UI) but I don't get a connection back, although it works locally. Any help?

    amra13579l

  • Someone could please send some hints in PM how to twinker the python script?

  • I need a hint for the repair of the exploit please.

  • edited September 2019

    Hi guys, is there someone who can tell me how I can get the credentials for C******** ?
    I already used Hydra for bruteforcing, I tried bypassing, I tried the default credentials of the service.

    I'm stuck here for a while.

    Edit: I have found the password manually!

  • I hate when all of you talk about how easy the privesc is because that means I sit here and never figure it out and feel dumb.

  • Guys I need help please!
    is that normal that when I enter the right credentials into c****** login page , it just simply shows me the access "Forbidden page"?

  • Hello fellow hackers!
    What did everyone use to get creds for c******** ? BurpSuite takes forever, and Hydra comes back with false positives. If anyone has any resources, please pm me! Thank you!
    Happy hacking!

    Flasterootz

  • I cracked the credentials for the c******n login page but I have no idea what to do next .
    Can someone give me some hints please?

  • Type your comment> @c1cada said:

    cracked the c**********, now python CVE not working.... tested, using right ip and port , the script says it is triggering succesfully, but nothing is hitting my listener any ideas?

    Same. I just keep editing, launching, checking listener to see a blinking cursor... repeat ad nauseum. Back to editing :)

  • edited September 2019

    when running the exploit script unmodified under the ad*** account I get "You don't have permission to access /c*******/main.get.*** on this server." Same if I go in and manually try to edit the poller config. Is the correct path to modify the command in the script to bypass whatever filter they have in place that stops you from entering raw commands? Or is there another route to take to take using the A*I?

  • edited September 2019

    I am having trouble finding the credentials. I have tried numerous efforts by brute forcing with hydra, but it seems csrf is preventing me from doing so. Others have been able to discover the credentials without brute forcing the login and I would like to know what they are doing to find the creds manually.

    Edit: I was able to brute force the creds thanks to a very useful post on the forums here.

  • Not sure what I'm missing here but I can't see any c*** page. The teacher hint isn't clicking with me either.

  • What is the valid form?

    x.php:u...
    /:u....

Sign In to comment.