Remote

12930323435

Comments

  • Got root, but it looks like through the unintended way. I found credentials for the intended way and am working on applying them. DM for nudges.

    Harbard

  • Can someone help on this box. Nudge pls.

  • I got root. Someone else have a problem with the shells down all the f***n' time?

  • edited June 2020

    Can someone please message me to help me with root, i know the permissions that i need to exploit but i need help.

    ******Update******

    I was able to figure it out, basic enum will give you two directions to go into. I am more of a team player tho :)

  • Finally rooted!

    Enjoyable box don't think to hard about the Priv Esc.
    DM if you need any help

  • edited June 2020
    NVM

    Nism0

  • Okay, so i got in with creds ( 1 set) and able to do whatever on the backend with the site. Now i have found the version # and a exploit however I am trying to get it to work and having some major issues since there is no "this is the syntax" for this exploit and it keeps erroring out when i try a help page. Could someone DM me and see if I am using the correct one? Or be able to assist with the correct syntax?

    Thanks!

  • Shout out to absolutenoob 1 and Nism0 for reaching out. Was able to get the respective scripts working, was just a little newb on seeing what was right in front of me.

    User hash gotten
    Root -- not so much, and lost my session lol

  • Well, it's reached the point where it's no fun anymore I'm afraid... :(
    I got the creds, and I'm able to ping myself through the particular exploit.
    Yet, no matter what changes I do to get a RV, I always get either nothing or a syntax error (relatively to the million of double and single quotes I guess).
    Would someone be kind enough to tell me what I should do from there ? Windows syntax is weird and unknown to me and I think that might be the reason I've been struggling for a while now.

    dragonista

  • I know it may sounds bad but can anyone point me in the right direction for user. I am trawling though the share and umbraco files. Not found much till now apart from the portal and a user called s****h. No password that I can see through

    n3wb1e

  • Finally got root on this one...i could not get the U** S** route to work though. The alternative route is a great enum and research option. Learned quite a bit working on this one! Much thanks, @mrb3n

    C:\Windows\system32>whoami
    nt authority\system
    C:\Windows\system32>systeminfo
    Host Name: REMOTE

  • edited July 2020

    This is my first. I have managed to get the file and have find user credentials but do not know how to find password. Assuming they are encrypted. Anyone point me in the right direction?

    Found them!

  • Finally rooted! Feel free to PM me for any nudges!

  • HI Guys,
    i am stuck with the root part
    I am unable to run In*e-AC***S ... its showing me and error....
    can anyone help me out with this ?

  • edited July 2020

    Type your comment> @panic said:

    Hi all,

    For the TV exploit, could someone point me to the best way to run a python exploit on a Windows box? What did you do?

    Yes, I know there's metasploit, but who did the exploit without MSF? Any tips would be very appreciated.

    Thanks!

    This is the problem I'm having. I am confident I am super close to getting root, but these are my dilemmas regarding the two methods that seem to be hinted are in this thread:

    1) TV exploiit: the box doesn't have Py in order to run the exploit. I went as far as dropping a "portable" version of it, but it has to be version 2 which doesn't appear to have such a version and I can't seem to get it to install, which I wasn't expecting to work anyway.

    2) Un****** Se****: I keep getting this message, NoMethodError undefined method `extapi'

    Edit: So I figured out a way to run Py "remotely" and I think this is the direction I'm supposed to be going in, but it is telling me the command ran without returning a result. Still chipping away.

  • @routetehpacket said:

    This is the problem I'm having. I am confident I am super close to getting root, but these are my dilemmas regarding the two methods that seem to be hinted are in this thread:

    1) TV exploiit: the box doesn't have Py in order to run the exploit. I went as far as dropping a "portable" version of it, but it has to be version 2 which doesn't appear to have such a version and I can't seem to get it to install, which I wasn't expecting to work anyway.

    You are over-complicating things, here. You can grab useful information with built-in Windows tools, and then do the "heavy lifting" on your own machine ;)
    Feel free to PM me, if you have questions.


    Hack The Box
    OSWE | GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

  • rooted. This was trouble for me.

    Not familiar with windows stuff so it was hard for me to see what is vulnerable.

    Thanks for the box.

  • thanks, @HomeSen

    I was able to get root the "native" route, but I'd still be interested in figuring out the "hostname" way if it is possible.

  • finally rooted

  • Hi, I found one password and the user but I can not login. Is the password wrong? I tried both user mails (I have found)

  • Traceback (most recent call last): File "secretnameofthisexploit.py", line 54, in VIEWSTATE = soup.find(id="__VIEWSTATE")['value'] TypeError: 'NoneType' object is not subscriptable

    Hey guys i have this issue on my kali. I can use exploit from my main OS anyway i want to fix this issue on kali.
    Is there some1 who know how to fix it ? date seems to be okey
    nudges++

  • Finally rooted using U****C user was actually way easier for me than root. Learned some for root, definitely a fun box. I think ill try through TV now. PM me for nudges.

  • Finally rooted this box. It took me way longer than it should have because I was being an idiot for the first couple days. I used the TV method. Not entirely sure what the U****C thing I've been seeing is, I'll have to look into that.
    Root was much easier than User, it just takes basic enumeration and then knowing what to do with the PW. Thanks for the nice box, @mrb3n.

    kneedeep

    Reality is often disappointing.

  • C:\Windows\system32>hostname && whoami
    hostname && whoami
    remote
    nt authority\system
    

    I learn something from the box.

  • Hello, I got the creds for login to Umbraco. After that I did searchsploit for umbraco and got some exploit from metasploit.

    I tried to use Metasploit but it is not working. I don't know why?

    is there any other way?

  • I can't seem to get the RCE exploit to work, anyone got any tips on what to check?

  • Has this box been out and retired once already? I found a total walkthrough for it online...

  • This machine is still alive and kicking active. Unfortunately, not everyone follows the rule of "no public write-ups before retirement".


    Hack The Box
    OSWE | GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

  • Finally rooted the TV way, also very close the other way but not quite there. Thanks HomeSen for the nudge(s). First HTB...done

  • @japh42 said:

    Has this box been out and retired once already? I found a total walkthrough for it online...

    What @HomeSen has said is 100% correct (as usual). If you find a write up for a HTB machine you can, if you want, report it to HTB. You can remind the author of the ToS for HTB or you can ignore it.

    I am curious how people find these write-ups without actively searching for the box name and write up.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

Sign In to comment.