Remote

1272830323335

Comments

  • :D I take the root flag before the user one :D :D because didn't see
    Nice machine, I was blocked before notice that I had the password on my hand

  • edited May 2020

    user owned i also have credentials for admin from TV, but don't know what now
    I can't switch user to admin beacuse shell is limited.
    I also find WRM service but it also doesn't work
    can someone give a hint or dm

  • I rooted the box with service method can someone please DM me the TV method

    s1lv3rst4r

  • edited May 2020

    Type your comment> @s1lv3rst4r said:

    I rooted the box with service method can someone please DM me the TV method

    I didn't think that method was still possible, I tried it but could never get anything out of it.

    Edit: If anyone can show me how they did it that way DM me, I want to revisit the box and do it that way. I solved it the other way.

    King of feeling stupid

  • edited May 2020

    Hi guys,

    spoiler removed

    however I'm getting 400 response when trying to log in into web administration. Is it expected?

  • @Anonymous1 said:

    Hi guys,
    however I'm getting 400 response when trying to log in into web administration. Is it expected?

    If you have the right user name and password, you should be able to log in.

    If you are getting an HTTP400 request it means the server thinks you are making a bad request. If you are using something other than a web browser, you may be sending a malformed request.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Whoa! Now it works. With the same request (literally the same, as I used the curl command from the zsh history).

    Seems like sometimes things can be broken (strangely even after the machine reset).

  • @Anonymous1 said:

    Whoa! Now it works. With the same request (literally the same, as I used the curl command from the zsh history).

    Seems like sometimes things can be broken (strangely even after the machine reset).

    If you have creds, it is probably easier to use a browser to access this page.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • User - there's two versions of essentially the same PoC script. Took me waaaaaaaaaay too long to understand the payload in the first script so i used the second script as a reference. Second script is more friendly to testing commands / outputs / error messages

    Hack The Box

  • edited May 2020

    Spoiler Removed

  • @Anonymous1 said:

    @TazWake I'm using curl just to be sure it's not some browser-related issue.

    Might be best to drop me a pm.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited May 2020

    @10768390 said:
    user owned i also have credentials for admin from TV, but don't know what now
    I can't switch user to admin beacuse shell is limited.
    I also find WRM service but it also doesn't work
    can someone give a hint or dm

    Same here.
    Can somebody give me a nudge on how/where to use the password acquired from TV to get root?

    edit: got it, am idiot

    If you would like a hint, please give a precise description of what you tried and where you are stuck.
    image

  • edited May 2020
    I need a hint to get the user.
    I've spent two nights looking for that goddam password in the files one is able to mo-- "retrieve". I've found a username in a l*g, but no password. Anywhere.
    Since this is an easy machine, it seems I'm missing something basic... Any clue? Don't tell me the answer, only clues for me to know where to look for.

    Some observations:

    >>F** logged as f*p seems to be empty (I hope this is normal).
    >>I was able to find a shell with a suspicious body name among the files. It's an uploaded file in a temporal dimension. I wonder if this is intended or just something that someone dropped there lol.
  • Root : For those who are wondering if the U****c way is patched, it is not, Good luck !
    Just don't rely too much on tools, you can do it by yourself pretty easily, some research about that will help you

  • @RangerRocket said:

    Any clue? Don't tell me the answer, only clues for me to know where to look for.

    Clues are hard because what makes sense to me, might not make sense to you.

    However look for a file where the name relates to a thing you might have found in your enumeration and the extension is very rarely seen in a windows environment. The carve through the file using whatever tool appeals you. You should find something interesting along with a signpost as to how you can turn it into something useful.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Hi all,

    Can someone tell me on how to root using TV method. I have rooted using the u****c method but unable to figure out how to do so using TV . Is it possible to do so without using metasploit at all ?

    Please help 🙏 :smile:
  • edited May 2020

    Rooted the box! Anyone who needs a nudge, feel free to ping me!

    1. Try to find the creds
    2. Next step would be to find the right exploit ( it needs the cards you found earlier.)
    3. Using the exploit try to obtain a shell.
    4. Look for services running on the machine.
    5. Play around with $PATH equivalent of windows.

    If it helped you a bit, feel free to drop +1 respect.

  • Rooted! Search for the evil tool, its a well-known windows escalation tool. Available for hints

  • i got the creds in tv but i dont think they are the real ones and if yes then how to use them...
    but i have started to think that it is just a rabbit hole

    Hack The Box

  • @R1ncew1nd said:

    @10768390 said:
    user owned i also have credentials for admin from TV, but don't know what now
    I can't switch user to admin beacuse shell is limited.
    I also find WRM service but it also doesn't work
    can someone give a hint or dm

    Same here.
    Can somebody give me a nudge on how/where to use the password acquired from TV to get root?

    edit: got it, am idiot

    dudeee i am on this stage
    where do i use them....
    it feels like i am very close but just cant get it...

    Hack The Box

  • Whenever I try to download something to the machine I get a "remote name cannot be resolved", I am trying to get a reverse shell but unable to download P****cat on the host machine because of this error.Any suggestion on how to fix this

  • FINALLY ROOTED
    DECENT BOX ROOT WAS MUCH EASIER AS COMPARED TO USER
    ALL OVER A FUN BOX

    Hack The Box

  • This box is bloated so badly rn. Can't even open the website anymore lol

  • Does getting to user require opening a windows-based tool to read a s** file?

    Hack The Box

  • Type your comment> @wittr said:

    Does getting to user require opening a windows-based tool to read a s** file?

    Make notes. Keep a notepad handy.

  • @wittr said:

    Does getting to user require opening a windows-based tool to read a s** file?

    No.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited June 2020

    @wittr said:

    Does getting to user require opening a windows-based tool to READ a s** file?

    Not necessary. I was through the same but I realized there are other WAYS to get what you're looking for. Don't overlook, I think you're fine, you just need to READ.

    @blacViking said:

    Whenever I try to download something to the machine I get a "remote name cannot be resolved", I am trying to get a reverse shell but unable to download P****cat on the host machine because of this error.Any suggestion on how to fix this

    Since I don't get what you're trying to do, I could have some workarounds for you based on my experience (I technically didn't have to download anything remotely, although it's just because I like it more that way):

    If you still don't have access to the machine:
    Use one of the services, there is one vulnerability that could help you get what you want on the other side. Then, there is an exploit to finish your objective.

    If you already have access to the machine:
    In Kali Linux, there is one important tool that could help you by generating a payload and store it in YOUR machine. Make sure to serve it to the remote one, or even better, execute it remotely without storing it in disk to get a session (depending on the shell you're using, you could do that!). Then that tool can easily get you to root, you just have to explore. If you feel tired, I recommend you to sleep so you can power up! ;)


    I finally rooted. As a noob with poor OS and pentesting knowledge, I can say this was all an adventure. I got stuck for hours but I learned A LOT!

  • VIEWSTATE = soup.find(id="__VIEWSTATE")['value']

    Getting this error like others in here - tried sorting my clock out but no luck , anyone able to pm me with help :)

  • @QuiQonJim said:

    VIEWSTATE = soup.find(id="__VIEWSTATE")['value']

    Getting this error like others in here - tried sorting my clock out but no luck , anyone able to pm me with help :)

    i got the same error...
    what url are you using
    PM me

    Hack The Box

  • Finally rooted, learned a lot from this box
    PM if you need any help

Sign In to comment.