Traceback

Comments

  • @TazWake said:

    @Thanos17 said:

    When trying to SSH to 10.10.10.181 I am getting a password prompt. I didn't configure any password while regenerating the SSH keys. Is anyone getting the same message, for a password prompt?

    If it is a password prompt from the server, your keys have been overwritten by someone else or haven't been installed correctly.

    If it's a password to unlock the key, then either you messed up and did set a password or something really weird is going on.

    If you are using key based authentication (and I assume you've used -i correctly), the only password requests come from your machine, not the server.

    TazWake thanks, I will remove all the existing keys and regenerate!!

  • PLEASE STOP RESETTING THE F*** MACHINE

  • PM me for help on this one, I enjoyed it. Finished doing my rewrite this morning.

  • Could someone help me on this?
    1. I initially did OSINT and used the forum to Internetzzz the webpage and was able to log in.
    2. I checked that a programming language should be used, which I had no idea about, but managed to get it from the history.
    3. Now as defined by sudo -l, I tried to switch user and run the command sudo -* s*** /home/sysadmin/luvit *.lua
    4. I performed the above command through the console of the backdoor
    I don't see anything after that.
    Please help me here to move further

  • @PChan said:

    Please help me here to move further

    There are a few ways you can do this. You can either create a script in the language which does things to grant you access or you can get the fck out of the shell.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @TazWake said:

    @PChan said:

    Please help me here to move further

    There are a few ways you can do this. You can either create a script in the language which does things to grant you access or you can get the fck out of the shell.

    I stayed and did it. Thank you

  • Rooted, thanks for this machine. I don't really understand the moaning about resets, didn't disturb me at all. Foothold was quite unique, user was rather simple, a lot of useful hints on the forum. Root was a lot of fun, timing is important but I managed to get it on the first try.

  • Wasted a lot of time on not setting the correct permissions on a specific file. Nice machine learned a lot.

  • @squirrelpizza said:

    So far I found the 2 ports open after doing an all ports scan. Directory busting got me nothing, I saw the clue on the web server. But I do not see anywhere to upload the web shell. Can someone give me a nudge as how to get to a spot to upload?

    Did you get where to upload?

  • Rooted, finally...after sooooooooo many attempts.
    Hint, don't overthink it....(like I did for the last 4 hours).

  • thanks Xh4h, great box! it was a pain that sometimes it would crash after getting first shell but learned a thing about ssh and a new programming language

    pm for hints. pleased to help!

  • Hi guys, I need help with this machine.
    I am trying to connect with SSH but get an error message of "access denied, please try later". I do not want to write all steps here because maybe other people did not reach this step yet, but any suggestions? I gave the right permissions to the relevant files, edited the sshd.config as needed and still get the same error.
    Any suggestions? :(

  • Already spawned a shell...Now having trouble escalating privileges...any hints??

  • @RomeosCyber there is a way of escalating using certain files in certain folders within your initial shell

  • @Karthik0x00 said:
    @squirrelpizza said:

    So far I found the 2 ports open after doing an all ports scan. Directory busting got me nothing, I saw the clue on the web server. But I do not see anywhere to upload the web shell. Can someone give me a nudge as how to get to a spot to upload?

    Did you get where to upload?

    you found the hint have you tried looking up that hint?

  • @callmevader said:

    @Karthik0x00 said:
    @squirrelpizza said:

    So far I found the 2 ports open after doing an all ports scan. Directory busting got me nothing, I saw the clue on the web server. But I do not see anywhere to upload the web shell. Can someone give me a nudge as how to get to a spot to upload?

    Did you get where to upload?

    you found the hint have you tried looking up that hint?

    Yeah,
    I already have the s******n and w******n SSH shells, still struggling with priv esc

  • so what can you find in their directories?

  • @callmevader said:

    @Karthik0x00 said:
    @squirrelpizza said:

    So far I found the 2 ports open after doing an all ports scan. Directory busting got me nothing, I saw the clue on the web server. But I do not see anywhere to upload the web shell. Can someone give me a nudge as how to get to a spot to upload?

    Did you get where to upload?

    you found the hint have you tried looking up that hint?

    Yup I got it. But stuck at privilege escalation to r**t. Any hint?

  • @Karthik0x00 said:

    Yup I got it. But stuck at privilege escalation to r**t. Any hint?

    Try Spying on the running processes

    Watskip

    < Soli Deo Gloria >

  • Nice box. And good to have a privesc that's not too easily spelled out by automated scripts.

    I'm a bit curious about a certain job that appeared to run on the box, with an executable in UPPER CASE which didn't actually exist on the box?!

    lebutter
    eCPPT | OSCP

  • How are people getting ideas of OSINT? I see it nowhere in the page source!
    And also the author has a collection of web-shells? But how do I use this info?
    And also how do I use OSINT to proceed further?

  • @in3vitab13 said:

    How are people getting ideas of OSINT? I see it nowhere in the page source!
    And also the author has a collection of web-shells? But how do I use this info?
    And also how do I use OSINT to proceed further?

    The author has a collection of webshells. These are .PHP. You are attacking port 80. Maybe you can check for webshells already installed?

  • Spoiler Removed

  • @dalemazza said:
    @in3vitab13 said:

    How are people getting ideas of OSINT? I see it nowhere in the page source!
    And also the author has a collection of web-shells? But how do I use this info?
    And also how do I use OSINT to proceed further?

    The author has a collection of webshells. These are .PHP. You are attacking port 80. Maybe you can check for webshells already installed?

    Also, what's this hype about OSINT in the discussions?!

  • @in3vitab13 said:

    Also, what's this hype about OSINT in the discussions?!

    It stands for Open source intelligence. It's a very broad term to use. It is using any legal means of collecting information on a target. Think of it as being passive reconnaissance.

  • Ohkay, who is this fucker, who keeps messing with the box!
    It says my flag is wrong while submitting it!!

  • why does it say my flag is incorrect even after resetting it?

  • @in3vitab13 said:

    why does it say my flag is incorrect even after resetting it?

    The dynamic flags should change on each reset. It probably takes a few minutes after a reset for the flags to be working but I've no idea how it works on the backend.

    If you have problems with this, you need to raise it with HTB via Jira so they can understand the scope of the problem. https://hackthebox.atlassian.net/servicedesk/customer/portal/1

    TazWake


  • @TazWake said:

    @in3vitab13 said:

    why does it say my flag is incorrect even after resetting it?

    The dynamic flags should change on each reset. It probably takes a few minutes after a reset for the flags to be working but I've no idea how it works on the backend.

    If you have problems with this, you need to raise it with HTB via Jira so they can understand the scope of the problem. https://hackthebox.atlassian.net/servicedesk/customer/portal/1

    Yeah, it worked once I tried it after a while!
