PlayerTwo

I guess we might as well start a thread for this box. Good luck.

Comments

  • Good luck everyone.

    MrR3boot
    Learn | Hack | Have Fun

  • Spotted an interesting service, but with no vulnerabilities/knowledge about the backend I'm not sure what's meant to be done.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
  • Is bruteforce needed on this box?

    badge
    profile: https://www.hackthebox.eu/home/users/profile/114435
    discord: Celesian#0558

  • found an interesting t***p service, but still trying to figure out how to enumerate it, or if this is a rabbit hole?

  • edited December 2019

    Got all the creds but 2fa is walling me :/

    trollzorftw

  • edited December 2019

    @trollzorftw said:

    > Got all the creds but 2fa is walling me :/

    It's 1-2-3-4-5.

    (edit: this is a reference to a movie gag, don't mean to send anyone astray here)

  • Hum, getting a strange picture on a page, rabbit hole?

    Hack The Box

  • I'm a little lost how to enumerate t****

  • Got a set of creds, no idea how to deal with TOTP.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
  • edited December 2019

    Is some form of brute forcing needed to identify the t---- paths on that port it is on? That does not feel like the right approach. Or have I failed to discover something in recon elsewhere?

    Always happens. Once I finally "give in" to ask a question, I figure something out.

    The subtle shoutouts amuse me.

  • If you have done the first general scans. Creds do not require brute force. I'm thinking of the next step.

    Spiderixius

  • @IhsanSencan said:

    > If you have done the first general scans. Creds do not require brute force. I'm thinking of the next step.

    I went back in notes and noticed a few overlooked clues in recon. Tried them and found a way to get creds. Those do not work in the obvious page one would try them.

    Hrm.

  • @trollzorftw said:

    > Got all the creds but 2fa is walling me :/

    I'm in the same situation. I've gotten all the credentials, but once I find a set that works, OTP is killing me. I've been going back over my recon and looking for something I missed or places to try more recon, but so far I've got nothing. :(

  • @jfx41 said:

    > @trollzorftw said:
    >
    > > Got all the creds but 2fa is walling me :/
    >
    > I'm in the same situation. I've gotten all the credentials, but once I find a set that works, OTP is killing me. I've been going back over my recon and looking for something I missed or places to try more recon, but so far I've got nothing. :(

    all the creds. ... D'Oh!

  • I'm not down with OTP.

  • @f00l8r1t3 said:

    > I'm not down with OTP.

    Apparently neither am I. :(

  • As always I do there’s no bruteforcing needed and there’s no social engineering involved. What you needed is already there. Keep playing the Game :)

    MrR3boot
    Learn | Hack | Have Fun

  • edited December 2019

    hosts

  • I can't connect to 8***, is it a loophole or my internet connection?
    Thanks.

  • Does anyone have resources on pentesting 8*** because I wanna learn more about this?
    Thanks in advance

  • Found a binary, looks interesting. Wonder how it's meant to be run.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
  • Found 8***, tried different injections on the forms, tried running a dict against the t***p stuff (POST and GET, no joy on either). Played around with the sessid stuff, but that didn't go anywhere. S*****-S****S throwing a 403 looks interesting, but I'm not sure how to get into it. Hunted through all the source of both sites and didn't find anything juicy. I feel like I'm missing some really simple stuff.

    Anyone have any pointers or ideas? I'm not thinking outside the tesseract I guess :p

  • edited December 2019

    @emmycat said:

    > Anyone have any pointers or ideas? I'm not thinking outside the tesseract I guess :p

    Did you look at a raw response from 8****?

    Edit: There is a distinct and unique keyword in that response that would be a useful Google keyword

  • @f00l8r1t3 said:

    > @emmycat said:
    >
    > > Anyone have any pointers or ideas? I'm not thinking outside the tesseract I guess :p
    >
    > Did you look at a raw response from 8****?

    I'm in the same shoe, maybe I'm querying the 8*** wrong, but it is just an error that there is no path existing at the root. Must be missing something obvious but all the enumeration steps I usually do don't come back with anything.

  • Same spot. Nothing in the raw response stands out...maybe I am missing something or lacking a specific technique...but a nudge in the thread or a PM would be nice :)

  • I put that raw into Google and it only came up with one page......am I in the right place or just noobing my way through this?

    Hack The Box

  • Rooted using unintended method. I'll go back and do it legit in a couple of days, but until then here's my hints for the foothold:
    Find all running services, then read the docs
    You might have found an interesting dir, try and find a file inside of it.
    Once you have access, the first thing you get may not be right. Try a few times and you'll spot a pattern.
    To bypass the protections, go back to something that should have come up in enumeration. A bit of guessing will get you what you need.
    Experiment and extract. You may find certain things which overcomplicate it, but it's simpler than it looks (not much though).

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
  • @clubby789 said:

    > Rooted using unintended method. I'll go back and do it legit in a couple of days, but until then here's my hints for the foothold:
    > Find all running services, then read the docs
    > You might have found an interesting dir, try and find a file inside of it.
    > Once you have access, the first thing you get may not be right. Try a few times and you'll spot a pattern.
    > To bypass the protections, go back to something that should have come up in enumeration. A bit of guessing will get you what you need.
    > Experiment and extract. You may find certain things which overcomplicate it, but it's simpler than it looks (not much though).

    This makes tons of sense. Now I just need to find the right things :) thanks man, you're a rockstar of nudges.

  • edited December 2019

    Stuck at 2FA

  • @f00l8r1t3 said:
    > I'm not down with OTP.
    Yeah know me!

    CurioCT
