Remote

edited March 21 in Machines

I will be working from home on this one.

Good luck to everyone.

«13456733

Comments

  • easy windows machines, my favourite :)

  • Kinda bummed about two Easy machines in a row... Oh well. Hoping they get more difficult next week! Have fun all :)


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • I thought the last machine was an insane rated one? Maybe that was the week before

  • Type your comment> @VbScrub said:

    I thought the last machine was an insane rated one? Maybe that was the week before

    The last machine was Traceback, it was a pretty easy linux box.

  • ah ok yeah I was thinking of Multimaster from the week before

  • I'm giddy with anticipation, i've developed a fondness for windows machines over the last few months.

  • many files

  • Congrats qtc on First Blood!

  • Found a lot of files...cant find any creds

  • edited March 21

    I've got admin access to the site, but connection keeps dropping. Will try again later.

    Hack The Box

  • Pretty fun and quick machine. Probably the fastest root I've ever got.
    User: Search high and low, find some names and a cred. Find an exploit and do it.
    Root: Standard checks, see what jumps out.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • Rooted! thanks for the author of that box !

    For the user it was quite frustrating for me, It took an hour to get a stable reverse shell.

    You don't have to use any exploit, just what the app offers you ;)

    OSCP, OSWP, GCIH, CEH, Security+, VHL Advanced+

    https://www.phrozen.io/

    Hack The Box

  • is the lowest port a rabbithole?

    Hack The Box

  • They really should ban those 45535 who stop services and delete some files. I really dont get the purpose of that.

    Hack The Box

  • edited March 22

    can anyone confirm if the N** file sharing port is meant to be open or not (port number starts with 20) ?

    When I did my initial port scan it was open, but since then doing further port scans it is not showing up and attempting to interact with it gives nothing but time outs. Wondering if this only showed in the initial scan due to something someone else was doing on the machine or if its actually meant to be there but is down for some reason at the moment...

    **EDIT: ** Changed my VPN to use the US servers instead of EU and now the port is open and is useful

  • Spoiler Removed

    Hack The Box

  • edited March 22

    @calamaris I switched my VPN to the US servers instead of EU and now the port is open (and useful). Thanks to @akatsuki and @roelvb for messaging me to say that port should be open

  • Type your comment> @calamaris said:

    This m***t **s is so luggy, my terminals stuck

    did someone get something out of it?
    enum it takes me ages with nothing useful so far.

  • Hmm yeah I downloaded all the files from m***t **s , not finding much but a possible username. Low port has nothing as anonymous

  • Type your comment> @VbScrub said:

    can anyone confirm if the N** file sharing port is meant to be open or not (port number starts with 20) ?

    When I did my initial port scan it was open, but since then doing further port scans it is not showing up and attempting to interact with it gives nothing but time outs. Wondering if this only showed in the initial scan due to something someone else was doing on the machine or if its actually meant to be there but is down for some reason at the moment...

    I'm almost positive it's meant to be open

    Hack The Box

  • Which file am I supposed to find in this many files? Can someone please give me a little hint?

  • Rooted. Easy, but fun box. Lose a lot of time finding the right payload in the first step.... Been stupid. After, Root is 10 minutes formality.... on VIP box ;-) PM for Nudge

  • @kimleepark said:
    Which file am I supposed to find in this many files? Can someone please give me a little hint?

    Think about what you're looking for - credentials. Do some googling about what file contains those for this CMS

  • Type your comment> @kimleepark said:

    Which file am I supposed to find in this many files? Can someone please give me a little hint?

    use find and point attention to the files it returns. one of them is very specific

  • Thanks all. I got the user.

  • That Exploit PoC is a bit hard to understand.

  • edited March 22

    Really cool box, enjoyed both parts, the initial foothold and the priv esc

    For user:

    • It is similar in a certain way to other two services that are running in the machine
    • Which version is running?

    For root:

    • Search for a list of windows privilege scalation, try everything or try smart, anyway, both will give you what you want
  • not so sure whats going on while i get access via burp the minute i translate that to code it hangs the minute itry to reauth using browser it never reconnects for like 10 -20 minutes

    if i copy the valid command to curl from burp it takes 11-17 seconds than will work in browser but yet i can never hit stage3 url of the poc even after heavily modifying it can anyone give me some insight what im doing wrong after logging in via burp i get a dict of info via successful username and pass but that's as far as i can get the other dir is a redirect and never seems to get me anywhere /***tall dir is redirect am i lost?

  • edited March 22

    I cannot find any kind of creds.... I tried many files and googling. But google suggest database which i don't have access to. This machine is driving me insane! Its suppose to be easy and I can't even go one step further... Any help would be appreciated...

  • Spoiler Removed

Sign In to comment.