Traceback

1679111230

Comments

  • guys plzz tell me how to solve the error of .lau file.... i am stuck there for a long time... plzz do reply

    Hack The Box

  • Rooted!
    Fun box, but a little weird in the beginning when you have to guess the right backdoor.
    User: after getting the first shell, no need to write your own script - GTFO will help you
    Root: as it was mentioned several times, pspy...but be careful. it is not CP you really need. Again, no need to write your own script - pentestmonkey is the best solution.

  • Awesome box! Really good to repeat all the basics you have learned through previous boxes.

    Razzty

  • edited March 2020

    finally rooted !!!!!!
    amazing box thank you Xh4H
    amazing help from the guys also thank youu

    foothold : work with what you have and use google
    user : you can do more than you think
    root : don't forget to give your self your apartment key and be quick

    Ping me for help

  • It would be nice if people would stop putting stuff in the user's home folder.
    Please use /tmp or /dev/shm people!

    FlatMarsSociet

  • finally rooted, easy but funny and informative box
    root part is the funniest part :smiley:

    pm me for any hint :)

    thank for this machine


    Hack The Box

    You can pm me on discord sh4d0wless#6154

  • I'm at the beginning of hackthebox, and I don't know much about OSINT, could you give me a tip?

  • Rooted! That was fun. PM me for hints! :) Shout out to @Xh4H for a beginner-friendly box! This is my second active machine. Thanks for everyone who helped me along the way!

  • Type your comment> @Oliba said:

    I'm at the beginning of hackthebox, and I don't know much about OSINT, could you give me a tip?

    The info you need for the foothold is on the page. Perhaps check more that what is immediately visible.
    Basic OSINT starts with some Google'ing.

    FlatMarsSociet

  • ouch someone just overwritten the initial foothold...

  • Some funky stuff is happening, I think the main file you need has been removed too. In the mean time for an absolute noob like me after accessing the webshell can I get a hint on how I can actually ssh into w******n?

  • Type your comment> @Oliba said:

    I'm at the beginning of hackthebox, and I don't know much about OSINT, could you give me a tip?

    search for the author on google . you will find something intresting

  • Type your comment> @FlatMarsSociet said:

    Type your comment> @Oliba said:

    I'm at the beginning of hackthebox, and I don't know much about OSINT, could you give me a tip?

    The info you need for the foothold is on the page. Perhaps check more that what is immediately visible.
    Basic OSINT starts with some Google'ing.

    Are you talking about w** s**** hint?? How do you access it without uploading??

  • @alalno said:

    Are you talking about w** s**** hint?? How do you access it without uploading??

    You don't need to upload any web shell. The "evil hacker" who defaced the website already left one for you on the server. You just need to find it via basic OSINT/Google-fu ;)


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

    Currently busy with AWAE

  • Is Box Broken?

  • @TheUndergrad said:
    Is Box Broken?

    Just tried. The initial foothold and also user are working fine. Couldn't test root, since the box just got reset.


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

    Currently busy with AWAE

  • @TheUndergrad said:

    Is Box Broken?

    Lots of people dont understand what they are seeing and reset the box because they dont get the response they expect. This means that for about 20% of the time the box is probably rebooting.

    *Note: I am not going to be available much in August. *

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • can someone plzz give me nudge on root...

    Hack The Box

  • edited March 2020

    Hey all! Just finished rooting this box, thanks Xh4H for the fun machine!

    My hints:
    User: Not every webpage is as it appears... try inspecting further into the message left by the creator. Finally, google away! List out your ideas if it helps.
    Root: Basic unix enumeration tools should help you here. Pspy is great and will help to know when your target is run so you can trigger it yourself.

    Feel free to message me for any hints or nudges!

    ChefByzen
    If I helped you out at all, feel free to click my badge and give +1 respect!

  • @thescriptkiddy said:

    can someone plzz give me nudge on root...

    Enumeration.

    And SSH can trigger things.

    *Note: I am not going to be available much in August. *

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @TazWake said:

    @thescriptkiddy said:

    can someone plzz give me nudge on root...

    Enumeration.

    And SSH can trigger things.

    ik bout 00-h***er but still i dont know what to do :/

    Hack The Box

  • @thescriptkiddy said:

    ik bout 00-h***er but still i dont know what to do :/

    Well, in very general terms - make it suit your needs, then get it to trigger.

    *Note: I am not going to be available much in August. *

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited March 2020

    People are really messing up the box.. They're deleting luvit 🤦

    spowlay

  • Type your comment> @spowlay said:

    People are really messing up the box.. They're deleting luvit 🤦

    yea. There was a group of people deleating it earlier and then blocking resets. Most of the vip labs are ok. Idk about the free ones

  • Just rooted the box! User was quite fun and easy. Root was challenging for me, but thanks to some nudges from @ChefByzen I was finally able to get root! Learned a lot of new things doing this machine!

    • Foothold: Enumerate everything you see and don't only rely on tools, but also follow some hints manually.
    • User: Once you're on the machine, there's a tool available on the machine that you might want to use. Hints for that can be found were you'll probaly look anyway to own user.
    • Root: Enumerate the machine and try to understand the processes that run on it. Great tools for that have already been named here in the thread. Find a way to exploit these processes - to do that, you should find a way to go into the box from the front door, instead of the back door.
  • finally rooted, thanks a lot for pointing to the right direction @HomeSen !!! Nice box , root needs to play with the sleeping time for system

  • I just redid the machine after the patches and still so funny how everyone tries to upload his own rshell xD

    little hint because a lot are stuck at the part with the new language:

    you can use gtfo for more than only root...
    .. and if the first command doesnt work maybe you didn't try hard enough!

  • edited March 2020

    So many people uploading shells, and deleting files. :D

    EDIT - Got user - cheers @h3105 . Working on root. ;)

    My tip for user... some processes don't work so well running non-interactive

  • A short & enjoyable box. - Nice one Xh4H

    VɅNTɅBLɅCK

  • Easy but funny box, thanks @Xh4H

Sign In to comment.