Multimaster

Don’t let it master you!

egre55

«134

Comments

  • And here I was hoping for a break after Oouch...

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • What could possibly go wrong? :D


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • 6 minutes left to launch!

  • is my connection misbehaving or there is some sort of WAF/rate limiting control in front of that web portal?

  • @init5 said:
    is my connection misbehaving or there is some sort of WAF/rate limiting control in front of that web portal?

    Probably rate-limiting. Had the same after too many quick requests


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • So far, I've found several valid users and ipv6 of the host (two tbh, but one is pointing to another machine).
    Trying to move forward, but nothing to play with except bruteforcing but I am trying to avoid that.

    Anyone is the same!!

  • edited March 7

    @D8ll0 said:
    So far, I've found several valid users and ipv6 of the host (two tbh, but one is pointing to another machine).
    Trying to move forward, but nothing to play with except bruteforcing but I am trying to avoid that.

    Anyone is the same!!

    Trying to do the same with Intruder, the rate limiting thing is annoying as hell

    EDIT: Apparently slowing things down is key, I found a user.

  • all I've got so far is a list of users, but no passwords for any of them yet. Haven't had any issues with rate limiting yet but I've been doing it all pretty slow

  • How are you guys rate-limiting your dirsearch/gobuster/... and Metasploit is telling me I found 16 valid users which I am pretty sure is wrong. Anyone want to give me a hint on how they are verifying the users are real?

  • same here got some valid users, but thats all so far..

    madhack
    If you need help with something, PM me how far you've got already, what you've tried etc.
    Discord: MadHack#6530

  • edited March 8

    Validated users and dumped a hash. Onward! :)

    Edit: Passwords obtained!


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • @farbs said:
    Validated users and dumped a hash. Onward! :)

    Hints? 😛

  • Type your comment> @init5 said:

    @farbs said:
    Validated users and dumped a hash. Onward! :)

    Hints? 😛

    Figure out how to properly bypass the WAF :)


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • After 5 hours, all I have is pretty low-priv injection. So many attack points, but everything closed.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • I only have a bunch of users, with which no brute forcing works, and still trying to poke around the #$#[email protected] WAF

  • Type your comment> @farbs said:

    Type your comment> @init5 said:

    @farbs said:
    Validated users and dumped a hash. Onward! :)

    Hints? 😛

    Figure out how to properly bypass the WAF :)

    This is useful hint.
    It worked with me.

  • Type your comment> @D8ll0 said:

    Type your comment> @farbs said:

    Type your comment> @init5 said:

    @farbs said:
    Validated users and dumped a hash. Onward! :)

    Hints? 😛

    Figure out how to properly bypass the WAF :)

    This is useful hint.
    It worked with me.

    This worked for me too. Bypassing WAF got me to next phase of exploitation.

  • There is a really easy way to get a list of 17 users on the web front end using one request and intruder.

  • Spoiler Removed

  • Type your comment> @farbs said:

    Type your comment> @init5 said:

    @farbs said:
    Validated users and dumped a hash. Onward! :)

    Hints? 😛

    Figure out how to properly bypass the WAF :)

    I'd be interested to hear if you have any pointers on how you got the hashes

  • wtf no blood till now

    Arrexel
    OSCP | I'm not a rapper

  • Anyone had any luck with the hashes yet?

    I've tried cracking them with some public lists, some of my own and from scraping and still no thing.

  • Users?, You guys got users? :wink: , well any hints to get those 17???

  • Type your comment> @nav1n said:

    Users?, You guys got users? :wink: , well any hints to get those 17???

    You need to find the part of the site to do with names then bypass the WAF by talking to it differently to normal.

    Sorry if this seems confusing. I tried to be clearer above and it got marked a spoiler.

  • Type your comment> @GoldsteinNZ said:

    Type your comment> @nav1n said:

    Users?, You guys got users? :wink: , well any hints to get those 17???

    You need to find the part of the site to do with names then bypass the WAF by talking to it differently to normal.

    Sorry if this seems confusing. I tried to be clearer above and it got marked a spoiler.

    Got it, thanks alot :)

  • edited March 8

    Got user! What a fantastic machine so far. Kudos @egre55 & @MinatoTW


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • I am bashing my head in the wall since last night even after bypassing WAF, nothing is crack-able from what I managed to dump. 😣

  • @init5 said:

    I am bashing my head in the wall since last night even after bypassing WAF, nothing is crack-able from what I managed to dump. 😣

    It's crackable, just not the first thing you see

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • @clubby789 said:
    @init5 said:

    I am bashing my head in the wall since last night even after bypassing WAF, nothing is crack-able from what I managed to dump. 😣

    It's crackable, just not the first thing you see

    I got 17 in total with only 4 being unique, tried rockyou.txt against everything but nothing worked.
    I am guessing I'm moving in the wrong direction.

Sign In to comment.