Json

Comments

  • edited November 2019

    Hi!

    I'm trying to get a little further for a looooong long while now, but I'm really stuck. So I'm reaching out to you guys.

    I know I need to use the Y******al.N** tool. But I have no idea how to use it and, more importantly, where to use it. I'm fuzzing with the /a**/t**** page and think this is where I have to inject. I also generated an HTTP 500, is this where I can find my info for the serial tool?

    Can someone give me a nudge on where to inject and maybe which module to use?
    Thank you!

    -Edit:
    I think I got a little further. I know where to inject. It's the B***er if I'm not wrong. I got the system to talk back now. Just have to adjust my payload.

  • edited November 2019

    I am stuck on root. I think I found the correct exploit, but there is an ID option which can differ depending on the OS. I tested this ID with a test script and found one value, but it still failed.

    Edit:
    Done. Just needed one more step

  • I have rooted this machine using a kernel exploit, but I am very interested if there is another way (let's say some kind of misconfig). PM me please in case you know.

    Ch0p1n

  • I have tried all the exploits suggested by the Metasploit Windows Exploit Suggester and PowerShell Sherlock. However, none of them can help with privilege escalation. Who can PM me which exploit I can use to do Windows privilege escalation?
  • Finally, rooted. Thanks a lot for the help!
  • After a nudge for the initial foothold, I've found the p******.t** file (think it's useless) and have tried username enumeration (attempting to get a different HTTP response, but to no avail). Not quite sure if I'm looking in the right places.

    l4m4l

  • Hi everyone,

    Stuck on initial foothold.
    General noob question:
    Is it correct of me to presume that obtaining the username + password for the logon page is essential before considering sending any form of payloads?

    Always happy to help others and remember to +respect me if I helped you ; )

  • @acidbat said:

    Hi everyone,

    Stuck on initial foothold.
    General noob question:
    Is it correct of me to presume that obtaining the username + password for the logon page is essential before considering sending any form of payloads?

    Yes, it is.

    bumika

  • @bumika said:

    @acidbat said:

    Hi everyone,

    Stuck on initial foothold.
    General noob question:
    Is it correct of me to presume that obtaining the username + password for the logon page is essential before considering sending any form of payloads?

    Yes, it is.

    Cheers :)

    Always happy to help others and remember to +respect me if I helped you ; )

  • Hi
    User: I can ping myself but cannot get a reverse shell using PowerShell and the DownloadString method. Please help me.

  • user: main problem is to do it without installing windows VM
    root: took 20 minutes, too easy :(

  • Hey there,

    I have generated a payload using ys#s##al
    However when trying to send the payload using burp I get the following message:
    {"Message":"An error has occurred.","ExceptionMessage":"Invalid format base64","ExceptionType":"System.Exception","StackTrace":null}

    Bit confusing since the format is base64...

    Always happy to help others and remember to +respect me if I helped you ; )

  • edited November 2019

    For the initial foothold I managed to create a ping payload which works, but I fail to create a payload that would either give me a rev shell back or transfer files to the victim. Can someone give me a nudge on getting the payload right?

    UPDATE:
    rooted!
    User: When constructing the payload, think about special characters.
    Root: Nothing really to add here. A lot of hints already here in the forums.

    Arrexel

  • LOST. Just... lost.
    Intercepting requests, see the potential attack vector. Not sure how to actually execute it.
    Please could someone PM me to discuss... Really stumped with this one.

  • I have been trying so many things with no luck. Will anyone help me out with the initial foothold? DM me please?

  • edited November 2019

    I need help with the payload ys ........ net. My command line P ........ shell is a batch command, so I could not operate without the "" that are necessary for the batch.

    solved

  • edited November 2019

    I had problems with the intended privesc route, but I checked it again after rooting and it is definitely very easy. No need for veggies here. If you use j*, make sure you know which format to give it or it will complain without giving a very useful error message.

    Thanks @Cyb3rb0b, had a lot of fun with this one. Initial foothold was one of the first tricks I learned about when I was just getting into infosec and it was very cool to get to use it.

  • edited November 2019

    Hey, I'm trying a simple ping and don't get anything. Is the machine broken or my payload?

    edit: works now

    peek

  • Finally rooted.
    Wow that was a journey.
    Thank you @Cyb3rb0b for that challenge.
    A very big thank you to @parteeksingh for helping me out on the last steps :)

    Happy hacking folks :)

    Always happy to help others and remember to +respect me if I helped you ; )

  • ch4ch4
    edited November 2019

    hey, so then it is me :D

    I am trying to get the payload to work. Feel like I have tried to edit in all ways in order to get the yso... payload to work. Just can't get it to work.

    Can someone help me out? PS: I am not using a Windows VM :)

    would be happy for a PM to help me out :)

    0byte

  • Can someone provide a nudge on priv esc? I know what the exploit is, but I'm not sure why the exploit keeps failing. Stuck on this for a long time. :/

  • Can someone throw a hint where to read... I found that /a***/*****n page which works with JSON... but I don't understand how I can get any credentials info out of it? Just bruteforce the password?

  • I rooted the box, but don't know why that vegetable worked. Can anyone PM me for help?

  • Hi, finally rooted this machine.
    If someone used the "vegetable" to priv, can you explain to me why? I found another way. But I can understand when I can use the "vegetable".

    If you need help, p.m. for hints.

  • edited November 2019
    I got the user.
    I'm trying to decrypt f***z**** pass. I tried with many wordlists but still don't get anything out of it. What am I missing?

    EDIT:
    Rooted with veggies in the end!

  • I can't figure out how to compile and use ys*******.n** . Anyone willing to help me out... :-) DM me please...

  • edited November 2019

    @Hav0k said:

    I can't figure out how to compile and use ys*******.n** . Anyone willing to help me out... :-) DM me please...

    Many tools use ViSual displays for their code and it's easier with a studio to work in

    *I should mention this is as far as I have gone

  • @zeroes said:

    @Hav0k said:

    I can't figure out how to compile and use ys*******.n** . Anyone willing to help me out... :-) DM me please...

    Many tools use ViSual displays for their code and it's easier with a studio to work in

    *I should mention this is as far as I have gone

    Usually on GitHub there is a release tab which has taken care of this for you already. :)

    Always happy to help others and remember to +respect me if I helped you ; )

  • @acidbat said:

    Usually on GitHub there is a release tab which has taken care of this for you already. :)

    TIL
