# id uid=1000(qtc) gid=1000(qtc) euid=0(root) groups=1000(qtc)
Big thanks to qtc for ruining 3 days of my life learning about o****. You more than made up for it on the journey to root which I thoroughly enjoyed.
Also #respekt to the many folks that nudged me along the path to user (you know who you are).
Hints:
For user... if you are like me you will want to rage quit- and that just when you do your initial research. This box is meant to get us outside our comfort zone and force us to learn about stuff that we would never otherwise learn naturally. Because of this, the web is now both safer and more dangerous.
For root... Basic enum and google search should get it.
Finally, I did it. Oh man, what a pure pain machine. First of all, thanks to @qtc for his support and the appropriate nudges at each moment and for creating this awesome machine. Also, @rawa gave me some ideas.
On the other hand, this is an insane fucking machine, you need to know about everything to get the flags. For me, the root part was too hard and very dirty. It was a ride on hell-like.
These are my hints.
User:
* The machine name is a hint about the initial protocol.
* Examine each request and response in every step of the authorization process. Use tools for that.
* There is one type of attack that you have to look for.
* Don't use the contact page as a way to connect back, this is an insane machine. It can't be so easy.
Root:
* Here starts the hard part.
* Look for the processes that are running on the machine.
* Discover how the infrastructure has been created and take a look around.
* When you know where you are, take a look at the config files and the code.
* Finally, do all the things manually. I didn't discover anything on the Internet working here.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
I have got the user and i have also find the exploit to the root as well.
But i am stuck in exploiting the payload either its a command format issue as i not getting the www-data in my listener. Any hints??
I have got the user and i have also find the exploit to the root as well.
But i am stuck in exploiting the payload either its a command format issue as i not getting the www-data in my listener. Any hints??
Chances are good that you've got a slight error in one of the switches.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Hi,I need a bit of help with the last bit of this box,I am www-data and need a bit of help understanding the last exploit,anyone willing to clear up the mist please hit me up..
Hi,I need a bit of help with the last bit of this box,I am www-data and need a bit of help understanding the last exploit,anyone willing to clear up the mist please hit me up..
Got user! Woow, evil machine! (a bit unstable, also...)
May I ask someone to share how you got to read the "D******ts" contents?
I read it after connecting the profiles, but after a reset I never been able to replicate that stuff, so I wonder how did I get it in the first place...
Anyway, thanks @qtc for the great learning opportunity about o****h
Rooted as well, if there is one hint that worth giving on this box i'll share it from one post above from @dr0ptpkt .
"Do your initial research. This box is meant to get us outside our comfort zone and force us to learn about stuff that we would never otherwise learn naturally."
Can someone please give me a nudge on c*****t page? I'm pasting what I'm supposed to in there, and I'm pretty sure the 'click' is happening because if I paste my local dev server url, I get a request.
But then when I proceed to the next step, it's just my accounts that are linked..
Hey guys, I’d appreciate a little nudge. I have access to the admin page and found a way to r******* my app. I can now access some additional resources and have a pretty good idea what to do with them, but I can’t figure out the mechanics. Please PM me if you’re willing to help. I can provide details on what I’ve tried so far. Thanks
Comments
finally rooted i love initial part
PM me for hints if stuck
Am I the only one who cannot get a connection back from the c*****t page?
Anyone can help me?
# iduid=1000(qtc) gid=1000(qtc) euid=0(root) groups=1000(qtc)Big thanks to qtc for ruining 3 days of my life learning about o****. You more than made up for it on the journey to root which I thoroughly enjoyed.
Also #respekt to the many folks that nudged me along the path to user (you know who you are).
Hints:
For user... if you are like me you will want to rage quit- and that just when you do your initial research. This box is meant to get us outside our comfort zone and force us to learn about stuff that we would never otherwise learn naturally. Because of this, the web is now both safer and more dangerous.
For root... Basic enum and google search should get it.
God bless you all. ><>
User is really harder than 'insane'
fatty. Thanx to @ox4lis and @myrtle for help!On the other hand, this is an insane fucking machine, you need to know about everything to get the flags. For me, the root part was too hard and very dirty. It was a ride on hell-like.
These are my hints.
User:
* The machine name is a hint about the initial protocol.
* Examine each request and response in every step of the authorization process. Use tools for that.
* There is one type of attack that you have to look for.
* Don't use the contact page as a way to connect back, this is an insane machine. It can't be so easy.
Root:
* Here starts the hard part.
* Look for the processes that are running on the machine.
* Discover how the infrastructure has been created and take a look around.
* When you know where you are, take a look at the config files and the code.
* Finally, do all the things manually. I didn't discover anything on the Internet working here.
If you need help, ask for nudges.
Cheers
Reach me on Discord: n3b0r#2873
Spoiler Removed
Spoiler Removed
im in [email protected]:~$
That might be the problem.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Hardest box, i've ever done. Thanks @qtc!
hi all....need some hinit foir priv-sec
@hard said:
Get into the right account to use the form of public transport to get the shell you need.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Hi all,
Finally Rooted. Very hard box. If you need some help, u can ask me.
thanks for help @CHUCHO
https://www.hackthebox.eu/home/users/profile/50727
I'm in
aeb4525789d8and getting errorModuleNotFoundError: No module named 'bytes'when try to exploit. Is there another payload?@tomiashari said:
I dont know, but you can fix this so the exploit works.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
I have got the user and i have also find the exploit to the root as well.
But i am stuck in exploiting the payload either its a command format issue as i not getting the www-data in my listener. Any hints??
Type your comment> @tomiashari said:
you need to modify the exploit accordingly, i am not getting any error but still unable to get the www-data shell
@Xaro002 said:
Chances are good that you've got a slight error in one of the switches.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Hi,I need a bit of help with the last bit of this box,I am www-data and need a bit of help understanding the last exploit,anyone willing to clear up the mist please hit me up..
Type your comment> @lesleybw said:
ROOTED!!!
Got user!
Woow, evil machine! (a bit unstable, also...)
May I ask someone to share how you got to read the "D******ts" contents?
I read it after connecting the profiles, but after a reset I never been able to replicate that stuff, so I wonder how did I get it in the first place...
Anyway, thanks @qtc for the great learning opportunity about o****h
Rooted as well, if there is one hint that worth giving on this box i'll share it from one post above from @dr0ptpkt .
"Do your initial research. This box is meant to get us outside our comfort zone and force us to learn about stuff that we would never otherwise learn naturally."
PS: root is easier than getting user on my side.
Big thanks to @qtc.
Finally rooted!!
Thanks @luca76 for that last part
My YouTube Channel => https://www.youtube.com/c/NatzSec
You can subscribe if you want :P
Rooted
thanks to @camnbear and @3l33t for there help with this one
Type your comment> @zero87 said:
Your'e welcome and Cheers bro
My YouTube Channel => https://www.youtube.com/c/NatzSec
You can subscribe if you want :P
I want a nice sleep right now
Can someone please give me a nudge on c*****t page? I'm pasting what I'm supposed to in there, and I'm pretty sure the 'click' is happening because if I paste my local dev server url, I get a request.
But then when I proceed to the next step, it's just my accounts that are linked..
Hey guys, I’d appreciate a little nudge. I have access to the admin page and found a way to r******* my app. I can now access some additional resources and have a pretty good idea what to do with them, but I can’t figure out the mechanics. Please PM me if you’re willing to help. I can provide details on what I’ve tried so far. Thanks
eJPT