Rooted! Thanks to jlsangom for the reminder to check for things to edit on files I was using...
For the foothold I was following guides from two different places and both of them had at least one incorrect instruction. The hardest part was figuring out what commands to follow from each.
Feel free to PM me if you're getting stuck in the same place
Rooted!
Low-level shell is the hardest part. Google for vulnerabilities and try to exploit it in manual mode, step by step.
User: enumerate, find is your friend.
Root: common CVE, can be easily exploited
Feel free to DM me, if you need some hints
Guys, Please, tell me - if it possible to learn smth new or to get any experience if box is reset every fu...ing 3 minute? Why are you doing so? Maybe if smth goes wrong its not the way out to reset and to start it from the beginning? May be its time to sit and to think a bit what am i doing wrong? It's a kind of mess - trying to get fu...ing low-level shell when ping is lost, box is reset, etc...
P.S. Sorry for emotions - a bit tired of this.
alright im lost yall ive tried all the exploits and saw here that the scripts need to be fixed so ive read them and dont see anythin that stands out i have no experience in C but my python is alright can i get a pm with some direction? i try not to ask for help but im really frustrated
Edit: rooted good god. i hate it when i finally figure it out and want to punch my own stupid face lmao.
I am having issues getting the initial foothold. I found a cve for w***** but I can't seem to get a session created even though the exploit is running. Did anyone else have this issue? Maybe I need to think about it differently?
I feel like I've tried everything. I'm try to add s** k** to the correct path using r*-c. I keep getting permission denied and I have spent hours trying to figure out how to enumerate users or directories? Can someone please DM me a hint??
Rooted. Also got root and user at the same time. Initial foothold was difficult and required a lot of learning about the service. From there, common CVE, like mentioned in other posts, just make sure to type everything in accurately and think about dumb things users do.
All in all, it was interesting learning to gain initial foothold without a common tool.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Guys..i get:
"Connection closed by 10.10.10.160 port 22"
Do you have any suggestions ? Is it possible that i was blocked by too many attempts ? I did only 3 attempts though..
Hey Hackers. I need a nudge please. I've enumerated and found two ports that look more interesting than the others one runs a service starting with r the other starts with w. I've found a few articles on r that point to creating an authorized_keys file. which seems to work, but when I ssh i'm prompted for a password I'm guessing the username is the same r word as the service? I'm pretty confident the users home dir is not in the usual place. Can't figure out where I'm going wrong.... some have mentioned the hackers cookbook has a working example but i don't have that pdf.
Please DM me if you think you know where i'm going wrong or can offer general guidance.
Chur
Guys..i get:
"Connection closed by 10.10.10.160 port 22"
Do you have any suggestions ? Is it possible that i was blocked by too many attempts ? I did only 3 attempts though..
Hey Hackers. I need a nudge please. I've enumerated and found two ports that look more interesting than the others one runs a service starting with r the other starts with w. I've found a few articles on r that point to creating an authorized_keys file. which seems to work, but when I ssh i'm prompted for a password I'm guessing the username is the same r word as the service? I'm pretty confident the users home dir is not in the usual place. Can't figure out where I'm going wrong.... some have mentioned the hackers cookbook has a working example but i don't have that pdf.
Please DM me if you think you know where i'm going wrong or can offer general guidance.
Chur
meh - ingore - i was being super noob and forgot to add a required directory to the path where you'd find an authorized_keys file lololol
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Hello, i trying use exploit for postman(webmin) but when i have use exploit i have error "
[*] Started reverse TCP handler on 10.0.2.15:4444
[-] Exploit aborted due to failure: unknown: Failed to retrieve session cookie
[*] Exploit completed, but no session was created.
i use kali on VM, what i do wrong? I tried to do it with the help of burpsuite, but despite the fact that there are a lot of solutions in the net with his help, something does not work for me: D, otherwise using the guide is pointless.
i use kali on VM, what i do wrong? I tried to do it with the help of burpsuite, but despite the fact that there are a lot of solutions in the net with his help, something does not work for me: D, otherwise using the guide is pointless.
Is this for the final step of privesc or initial foothold.
If its the initial foothold, you might want to show options and check you have everything you need for the exploit to work.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Comments
Rooted! Thanks to jlsangom for the reminder to check for things to edit on files I was using...
For the foothold I was following guides from two different places and both of them had at least one incorrect instruction. The hardest part was figuring out what commands to follow from each.
Feel free to PM me if you're getting stuck in the same place
Rooted! fun box, learned a ton.
Foothold: the target service can be broken in multiple ways, if one way isn't working then try and find another. Some methods are easier than others.
User: Just beacuse you don't have the flag doesn't mean you didn't own user.
root: Don't overcomplicate this one, everything's in front of you. No need to do anything fancy.
pm for nudges
Rooted!
Low-level shell is the hardest part. Google for vulnerabilities and try to exploit it in manual mode, step by step.
User: enumerate,
find
is your friend.Root: common CVE, can be easily exploited
Feel free to DM me, if you need some hints
Spoiler Removed
Rooted. Everything seems to be said in this thread. For hints just PM me
Guys, Please, tell me - if it possible to learn smth new or to get any experience if box is reset every fu...ing 3 minute? Why are you doing so? Maybe if smth goes wrong it
s not the way out to reset and to start it from the beginning? May be it
s time to sit and to think a bit what am i doing wrong? It's a kind of mess - trying to get fu...ing low-level shell when ping is lost, box is reset, etc...P.S. Sorry for emotions - a bit tired of this.
alright im lost yall ive tried all the exploits and saw here that the scripts need to be fixed so ive read them and dont see anythin that stands out i have no experience in C but my python is alright can i get a pm with some direction? i try not to ask for help but im really frustrated
Edit: rooted good god. i hate it when i finally figure it out and want to punch my own stupid face lmao.
I am having issues getting the initial foothold. I found a cve for w***** but I can't seem to get a session created even though the exploit is running. Did anyone else have this issue? Maybe I need to think about it differently?
Same. Im frustrated and full of hate. Need initial foothold and tried everything
I feel like I've tried everything. I'm try to add s** k** to the correct path using r*-c. I keep getting permission denied and I have spent hours trying to figure out how to enumerate users or directories? Can someone please DM me a hint??
Rooted!
Feel free to DM me if you need a hint
-------- xOkami --------
hey guys!!
im a noob i need some hints i found the exploit but it seems missing few things if anyone can DM to help me
Rooted. Also got root and user at the same time. Initial foothold was difficult and required a lot of learning about the service. From there, common CVE, like mentioned in other posts, just make sure to type everything in accurately and think about dumb things users do.
All in all, it was interesting learning to gain initial foothold without a common tool.
Rooted, Fun box!
Foothold: the door your key is for might not be where you think it is
User: find the file give it to john
Root: fedex carries these
Rooted!
Seriously, once you have foothold, just look through everything. You will find something of interest. It is just laying around.
Hi am Noob i need some hints .. i found exploit, it says system.exec not found. Please help.
did u find r***s.py ?
@Nonamex7 said:
Depends which exploit you've found. If it is one early one which needs credentials, you need to get the credentials.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Guys..i get:
"Connection closed by 10.10.10.160 port 22"
Do you have any suggestions ? Is it possible that i was blocked by too many attempts ? I did only 3 attempts though..
Rather enjoyed this machine thanks to the builders!
Hey Hackers. I need a nudge please. I've enumerated and found two ports that look more interesting than the others one runs a service starting with r the other starts with w. I've found a few articles on r that point to creating an authorized_keys file. which seems to work, but when I ssh i'm prompted for a password
I'm guessing the username is the same r word as the service? I'm pretty confident the users home dir is not in the usual place. Can't figure out where I'm going wrong.... some have mentioned the hackers cookbook has a working example but i don't have that pdf.
Please DM me if you think you know where i'm going wrong or can offer general guidance.
Chur
Type your comment> @Destroyervg said:
yeah that happens sometimes keep trying
Type your comment> @marchitect said:
meh - ingore - i was being super noob and forgot to add a required directory to the path where you'd find an authorized_keys file lololol
finally rooted!
I didn't get Mt's shell. Is there any other ways r***s - Mt - root ?
@snowleaf said:
The privesc opens the doors for shells, if nothing else you can do it with MSF.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
I have read hint after hint and cannot seem to gain access to the initial shell using re***. If anyone can PM me that would be great!
Hello, i trying use exploit for postman(webmin) but when i have use exploit i have error "
i use kali on VM, what i do wrong? I tried to do it with the help of burpsuite, but despite the fact that there are a lot of solutions in the net with his help, something does not work for me: D, otherwise using the guide is pointless.
Hello.
I start the hacking...
The first step is w****n no ?
@Reverse87 said:
Is this for the final step of privesc or initial foothold.
If its the initial foothold, you might want to
show options
and check you have everything you need for the exploit to work.Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.