Json


Comments

  • Anyone rooted using ****zilla? Need a little nudge with the xml file

  • edited October 2019

    Anyone has a hint for me, how to use this tool? Don't know where to start with it...
    Found the mentioned webpage and parameters.

    Please PM me.

  • get at me if you want to talk about the heath ledger stuff.
    happy to help because on arkham and this lesser beast it was 'A Real Thing' to deal with.
    and also it's pretty, uh, pretty good.

    BlessUp

  • as my username suggests, I would like to learn what I need to do for this box. Can anyone suggest some reading materials or something similar to this? thanks


  • Anyone help me with this box? I am not able to get initial foothold, I am missing something here in the box. Any hint please.

    If I helped you and tried to explain to you, just give me a respect. Click on the img to get my profile link!
    Profile : https://www.hackthebox.eu/home/users/profile/17564

  • Rooted. What a pain in the ass this box was. Did anyone manage "NOT" to use a separate VM windows box for that "yso" tool?? I had more problems setting up a VM than I did rooting this box. If you manage to create a payload without windows machine, please let me know. Thank you

  • @johnnyz187 said:

    Rooted. What a pain in the ass this box was. Did anyone manage "NOT" to use a separate VM windows box for that "yso" tool?? I had more problems setting up a VM than I did rooting this box. If you manage to create a payload without windows machine, please let me know. Thank you

    I used vi with payload by adjusting array item, encoding output and pasted into burp. What was odd was the final payload I needed to add an extra white space at the beginning for it to execute ie after /c . No idea why the double white space worked but single failed every time.
    No windows required just create a bash script with above

  • really good box, went smooth. I liked it !

  • I hate you.
    But also, +1
    May have some Qs for you.

    @sbridgens said:

    I used vi with payload by adjusting array item, encoding output and pasted into burp. What was odd was the final payload I needed to add an extra white space at the beginning for it to execute ie after /c . No idea why the double white space worked but single failed every time.
    No windows required just create a bash script with above

  • edited October 2019

    I know how to generate the payload and where to send it. However due to extreme windows unfamiliarity syndrome, I'm not sure what command to send XD some nudge would be appreciated...

    edit: nevermind, got user :) now onto root...

    edit2: and yes, you don't really need the VM if you found the page for y************ and know what you're doing.

    edit3: and easy root the vegetable way... but I don't understand how the vegetable works :( so need to keep spending more time on this

  • edited October 2019

    tried 620k usernames without success. is it worth brute forcing more?
    EDIT: got it.

  • @an0n said:

    tried 620k usernames without success. is it worth brute forcing more?

    Nope. It's a default user/pass

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • @clubby789 said:

    @an0n said:

    tried 620k usernames without success. is it worth brute forcing more?

    Nope. It's a default user/pass

    thx. didn't need it. ;)

  • Does anyone fancy teaching me the way to get onto the box, JSON is not my strongest area, neither are windows payloads. If anyone is up for a teaching moment I would really appreciate it :) Please PM me if you would like to help. Respect will obviously be given.


  • edited October 2019

    I can run reverse ping, but I tried a lot of commands to download from Windows and can not do it. Can someone help me with this?

    Nvm, got shell and user with help of @parteeksingh

  • Rooted
    Very cool CTF
    Thank you

  • edited October 2019

    Currently fighting with the payload for user, trying to get anything else than a ping. Now trying to get my payload through with SMB. Has anyone done it this way, or have I been going down a rabbit hole those last few hours ?

    edit : Jeez, way to overcomplicate things -_- Really gotta work my windows-fu ... onto root, now !

  • edited October 2019

    Got user.. 3-4 minutes from payload to receiving rev shell.. didn't expect to receive it already and then it pops up.
    Can't add anything for User, there are enough hints in this thread. if you know/found yso**** thing and found where to apply it, then you probably almost there

    rooted: definitely needs vegetables

  • anyone used ys******l on kali, if you managed a way to do that on kali please PM me

    N3v3r Giv3Up, 3v3ry th!ng !s p0ss!ble .

  • edited October 2019

    rooted, learned a lot.

  • @Isyber said:

    anyone used ys******l on kali, if you managed a way to do that on kali please PM me

    Same here! I am looking for a way to construct the payload without resorting to setting up a Windows VM (is compilation required too?). Please PM if anyone knows how to do it in kali.

  • @zelensky said:
    @Isyber said:

    anyone used ys******l on kali, if you managed a way to do that on kali please PM me

    Same here! I am looking for a way to construct the payload without resorting to setting up a Windows VM (is compilation required too?). Please PM if anyone knows how to do it in kali.

    Having a windows VM isn't so bad, it is super helpful and probably something everyone should have anyway, right? There's no compilation required, just grab a release zip.

  • edited October 2019

    @zelensky said:
    @Isyber said:

    anyone used ys******l on kali, if you managed a way to do that on kali please PM me

    Same here! I am looking for a way to construct the payload without resorting to setting up a Windows VM (is compilation required too?). Please PM if anyone knows how to do it in kali.

    Just use what's already on the tool web page.

  • Got user still work on root
    hint for user-The friday 13th
  • Do I need to enumerate the APIs I've found somehow? I have found the creds. Trying to avoid asking too much info but I'm a bit stumped with the next step.
  • Rooted at last, nice stable box. User can be a bit tricky especially when using tools you've never used before. Not sure if i rooted the right way though because it seemed too easy. Never used the credentials I found anywhere.

  • locked in last part... no way to have a juicy session. Hints are well accepted!!!

  • Rooted. Feel free to reach out if you're stuck.

  • Rooted finally. One helpful tip don't forget to reset the box if nothing seems to work. Understood it after 5-6 hours.

  • Nice box, user was a pain but only because I was tripping myself up with stupid mistakes. Root was very easy, especially when you consider how lovely @TsukiCTF is :)

    Mech
