Anyone has any hints for user ?
Enumerated a bit and found the user and password are getting base64 encoded while you have the ability to send money and you already know your ID - this way you could send money to users and confirm if they exist but I'm not sure about that - a hint would be nice - So I thought of ID hopping and getting information this way
Not sure about anything yet
I am also still working on getting a foothold on user. I too have noted how id can be enumerated given how authentication is performed in user pages. After much busting'n'fuzzing I am not (yet?) seeing how admin pages can be accessed and given one of the js files would seem to be necessary for host user foothold. (Hope not too vague but not spoiler here.)
Comments
fun box, initial part was way more complex than the privesc, but that didn't make it less fun though
Thanks for a wonderful few days!
-All hail the Potato-
Fun indeed! Rooted. Thanks for all the learning opportunities. Thanks for the hints folks.
I am onto root, I can see the odd process, but i can't execute it, download it or dump it. Is there some other way to interact with it, that i'm missing?
Edit: Found what to do with it (thanks to @keyos1 ), but i can't forward anything to me, as some have suggested in the post. Any nudges?
For asking help, please describe what you have tried so far, so i don't spoil too much.
If you believe i was able to help, please provide feedback by giving respect:
https://www.hackthebox.eu/home/users/profile/122308
rooted! did not enjoy it as other Windows boxes! message me if you need help
On average, how much did you guys wait for the initial foothold to trigger?
I'm havin' trouble triggering just the expected behaviour from the application...
I can get a ping back. No other command executes, trying to encode the commands but having difficulty in encoding all those quotes in a reverse shell. Any advise.
@shah316 said:
Google:
nishang
powershell reverseshell ippsec
For asking help, please describe what you have tried so far, so i don't spoil too much.
If you believe i was able to help, please provide feedback by giving respect:
https://www.hackthebox.eu/home/users/profile/122308
Rooted.
I spent far too much time on Priv Esc due to a missing white space character in my script, assumed it didn't work and went back into enumeration phase
My hint for rooting is that after you find the thing to exploit, take the instructions it gives you literally ... it's not a riddle.
I think also, I took a non standard path to user as I did not need to use "b**************.**p" to get the reverse shell.
Thanks @gioo & @cneeliz
Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.
@tang0 said:
Thanks got user.
Oh… @#($*& … FINALLY! Root. Cripes. ლ(ಠ益ಠლ)
Learned a lot and finally rooted.
This was an absolute challenge for my skills, and sometimes beyond. Thank you for the nudges to @Adam2019 and @kareem. Thank you to @gioo and cneeliz; very nice work!
The slight instability of the box is - somehow - reflecting a real life situation. You are sending a payload and nothing happens. Is it a mistake in the payload or the wrong payload at all ... or do you have to calm down and wait a bit.
Am stuck in root. Need hint please
i understand what the creator is trying to emphasize in bankrobber and also how the attack works, but it is not normal, that you have to wait for the payload to come or not come back for so long time.... I am giving up on this, same payload is not returning anything even it did previous day
I am talking about the backd******** script. Sorry really frustrating, it is bingo or lottery.
@baubau said:
I agree, I think the initial part should be patched - borderline unplayable even after revert.
i'm in the initial foothold and the box isn't sending to me the data i want... anyone to talk about?
If anyone wants to hint me too please DM. I can get files onto the box, just can't work out how to make them execute.
Sadly, I quote all complaints regarding the client-side. Please next time allow at least to write into outfile (let's say I am an user and I escalate to root > now I can into outfile) so I can run my rce without waiting fourinfinite ....... minutes.
/edit
I think also, I took a non standard path to user as I did not need to use "b**************.**p" to get the reverse shell.
Bloody hell I feel like a noob again..
Got Root ........ Good box !!
Excellent box I really enjoyed.
My Hints
User: enumerate application and fuzz the forms. You will find some useful things. Capture creds and then try to modify the attack and get more sophistication to get a shell
Root: Enumerate as usual and try to exploit the bank.
This machine reminds me of the OSCP. Awesome
I'm in as user. Anyone for hints about privesc?
Can someone PM me for a nudge.. I've found a few vulns for user but the exploit I have crafted doesn't seem to be working. Cheers
root: Please tell me that it's brute, not RE with bank....exe
rooted
buggy, laggy, but still AWESOME machine. Thanks @Gioo!
My first insane box, and it did drive me a little crazy at times, but I am glad to finally have this rooted. Massive thanks to @HAL9000B for helping me get user, and @Moindjaro for giving me the hint needed for root. Also, thanks to @Gioo and @Cneeliz for a good learning experience.
Now for my hints.
INITIAL FOOTHOLD
- Focus on Sesame Street's compulsive eater to get started.
- Being a little "excessive" will give you more privileges.
USER
- Use what the higher privilege has available, but remember to be a bit more excessive and place what you need to give you more direct access.
- Sometimes those one-liners come in handy.
ROOT
- Open your ears to "marathon participants".
- It's best to move "forward" and work from "home".
- Damn, my keys are sticking. Keeps printing out long lines of text...
- Use your initial way in to open another door.
If there are any spoilers here, please let me know, and I'll revise my hints.
As always, PM here on the forum or on Discord for help (Not the HTB site!!). Tell me your progress so I can avoid spoilers ("Can I get a hint/nudge on Bankrobber" is not progress and is too vague!).
Discord: AzAxIaL#8633
@maxmuxammil said:
I am just starting bankrobber machine .. is there any hint that i can get....
@ue4dai said:
i am new in this machine.. i am unable to find the way for the user... what should i do pls help me
Rooted! Thanks @Gioo and @Cneeliz.
Thanks for the help to @CHUCHO , @q1Z and @AzAxIaL .
¯\_(ツ)_/¯
Spoiler Removed
This is such a time-suck. The "user" simulation is flaky and scripts may or may not get executed - but either way, it takes too long. More value in watching Ippsec use the same techniques on previous boxes.
is anyone actively working on this box ?
I would like to discuss the approach for user-shell.
Hi, i am stuck with initial foothold. Need some guidance.