Oouch

Comments

  • hi, do I need bruteforcer flask?

  • Just got user. Respect to @zaBogdan for the help. Initial enum is really important.
    For root, I do understand what should be exploited.
    Seems like another user is needed to send meaningful messages.
    Should I find an RE on the wb s****r?
    Thanks for any nudge!

  • @cotonne said:

    Just got user. Respect to @zaBogdan for the help. Initial enum is really important.
    For root, I do understand what should be exploited.
    Seems like another user is needed to send meaningful messages.
    Should I find an RE on the wb s****r?
    Thanks for any nudge!

    Oh! I missed something obvious.... ><

  • Rooted.

    In my opinion this box could be considered insane. Thank you @qtc your skills are really impressive.

    User hint: Enumeration and understanding the logic behind the applications. Anyway, my real hint is to study everything you'll find (if you haven't seen it already) to get to the solution.

    Root hint: Enumeration. In my opinion it's an insane machine, and you have to try hard. Look at what's going on in the processes, understand how the applications communicate, and find a way to execute commands from one side to the other. Use google even this time.


  • Anyone want to help me move forward on this? I have the thing, but all it seems to do is disconnect my other guy? Any tips??

    Magavolt

  • @Chr0x6eOs said:

    I see a possible vuln, but the WAF does not seem to like my attempts at all...

    Got a response... Now trying to get something useful...

    I only got a response once. After that nothing. So my plan to connect to another account is still stuck.

    This behavior is worse than bank robber machine.

    Any hint for this?

  • *Spoiler Removed*
  • @bertalting said:

    any one following the hackerone article ?

    which one?

  • Woooh! What a ride! Fantastic box!
    Thanks to the author.
    For root: the hint is in front of you as long as you can become user :)
    See you!

    Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • Just got user :smiley:
    I really love the real-world relevance to this part - onwards to root!

  • Anybody willing to give me a nudge on foothold?

    I believe I know what technologies are at play and I know what the name of the box is referring to. I even tried a promising exploit on the co***ct page regarding the name of the box but it didn't work.

    Would appreciate a nudge!


  • Shouldn't I be able to log in somewhere as my customer account using the connected auth account? If you are willing to clarify how things work in this machine, I can PM my steps.

  • Thanks, @qtc :smiley: Road to root was enjoyably frustrating and I learned a lot! My favourite box so far :smiley:

  • rooted.
    This box is incredibly amazing but is definitely not a hard box, is fucking insane and complex.
    Very good and hard work behind, @qtc (and try if possible to re-rate this box to 50 points please xD)

  • edited March 2020

    Rooted ... But man what a frustrating box. Honestly whoever ranked this box "Hard" was not thinking straight. Just to get user requires you to learn every unrealistic attack on OA*** there is. And there is a guessing part, which shouldn't be a thing.
    There are many stability issues on the website that I ran into a lot. I wish there were more "helpful hints" along the way. It made the learning experience not enjoyable.

    godylocks

    If you like my advice, please give me some respect! Thanks!
    Message me on discord: godylocks#5721

  • edited March 2020

    OFF: "Type your comment" - forum engine seems to be a little bit strange, never touched the "Post comment" button, but sometimes just browsing the forum posts the default "Type your comment" message here. idk, why... :)

  • edited March 2020

    Rooted. Special thanks go to @seekorswim and @lorenzooo, for nudging me to the right path. I can't believe I got stuck on something so obvious in retrospect. Great box, user part very clean, root part very dirty, haha.

    I thought it was very difficult, but it gave me a good lesson in staying zen and perseverance.


  • I am buried in the privesc on this box. (I think I agree with @Lorenzooo - it feels like an insane box).

    I am trying to get a python2 exploit to run in a python3 environment but failing drastically.

    Has anyone else managed this or have I gone barking up the wrong tree?

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Rooted
    It was a great journey.

    This box is not hard, it is absolutely INSANE. Thanks to @qtc for a great box.
    pm for hints.

  • Hi all; am now on the "admin" page and have quite some new information; I think I know in general what I would like/need to do next but I can't put the pieces in place yet. Some nudge in the right direction would be highly appreciated. pm for hints. thanx

    zaphoxx

  • edited March 2020

    So I cleared my previous hurdle thanks to @hatsat32 - the primary lesson is to not rely on tools to convert. Yes I am an idiot.

    TazWake

  • Rooted! Root is not so hard but user is interesting and nice. Thanks for supporting @onurshin and @seekorswim.

  • Rooted. Thank you @qtc for an awesome ride of ups and downs :D Really enjoyed that box and learned a ton from it :)


    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

  • whoami

    root

    id

    uid=0(root) gid=0(root) groups=0(root)
    Great Box ! Enjoyed it & definitely learned a lot from it !

    EvilT0r13

  • Finally rooted; great box! Enjoyed user part most and learned a lot of new stuff with user and root; thanks @qtc

    zaphoxx

  • WTF!!!!!!!!

    Rooted, this machine was very fucking painful

    my hints:

    user: try to understand every single request about the web apps. Enum without extensions (I hope you know why). Try to understand how the apps are generating the access. Practice with more than one user. When you get it, send the URL with the form that could have communication with admin. Remember to close the session and get in again. Start again to find more paths over the apps. At this point try to do some research about o***h on d****o and verify what requests you can do. This part took me too much time. Pay attention to response headers and get too much fuzzing over apps.

    Root: this was pretty hard. The escalation vector was based on just verifying processes.

    I hope that I didn't spoil anything

    My total admiration for QTC. THX

  • edited April 2020

    Can anyone drop me a hint on foothold? Only thing interesting I've seen so far is "Hacking Attempt Detected" on /c****** page lol. Got info about tech stack from low port...

    Edit: Wasn't using enough wordlists for initial enum, found interesting endpoint o****. Still could use a nudge though :neutral:

  • anyone to help with o**** endpoint ?

  • edited April 2020

    Rooted! I really liked the box. It's incredibly well thought out, but it's also a pain in the ass.
    I think that an insane rating would be better, as others say.

    Massive thanks to @qtc for this great box.
    Also for @Chr0x6eOs for his great help!

    If someone needs a nudge, please clearly describe the phase you are in.
    You can pm me.

    an0nnnym0u
    Did I help you? Please return the favour and +1 respect me
    https://www.hackthebox.eu/home/users/profile/177580

  • Big thanks to all, who share their knowledge with other people!
    [email protected]:~#

    myrtle

    To contact me, please use Discord Myrtle#5162
