ForwardSlash

No thread yet?, so I decided to make one :)

Tagged:
«13456710

Comments

  • edited April 4

    I was waiting for someone :-)

    foxlox

  • edited April 4

    found something interesting
    again something next, and login panel

  • Not sure how to handle the cipher...

  • Type your comment> @nav1n said:

    No thread yet?, so I decided to make one :)

    thx alot , i was waiting for this thread

    fmwd

  • no nudge yet? :D seems to need to LFI/RFI but cannot find the script to do it :(

  • what kind of hash this?

  • where is the hash:( cannot find any hash :(

  • Type your comment> @Linoge said:

    where is the hash:( cannot find any hash :(

    read the defaced page again :smile:

  • edited April 4

    Woo!

  • edited April 4

    i'm confused ,can't find anything for the moment. anybody willing to give a hint where to look for?
    nevermind got something new :)

  • I just got the XML file I don't have an idea about decrypting it's new for me

  • So is fuzzing not going to find me that magical xml file? I may have gone down a rabbithole of following the hacker gang's name and finding a related exploit.

    Anuragd

  • edited April 5

    found lfi :)
    now on to the reverse shell

  • any hits ??

    fmwd

  • Type your comment> @anuragd said:

    So is fuzzing not going to find me that magical xml file? I may have gone down a rabbithole of following the hacker gang's name and finding a related exploit.

    try to fuzz something like a text, it will help you for next steps

  • Type your comment> @foxlox said:

    try to fuzz something like a text, it will help you for next steps

    been fuzzing file types for a couple hours now :(
    What I thought could be helpful from the site was less than successful 🤔

    Arrexel
    CCNA, CCNA SEC, SEC+

  • Spoiler Removed

  • edited April 5

    Spoiler Removed

  • Rooted at last. This machine was quite cool. A very nice mix of techniques. Congrats to the creators for it!

    In case you need a nudge:

    1. Once you get into the correct place, be a hero and point all the guns at yourself. If you're lucky enough you'll catch the bullet mid-air.
    2. Pretty standard technique to go from user A to user B. Enumerate!
    3. For root, sometimes you don't need a key to open a broken door. Just focus on the cracks.
  • edited April 5
    > @munra said:
    > * Once you get into the correct place, be a hero and point all the guns at yourself. If you're lucky enough you'll catch the bullet mid-air.

    What kind of hint is this ?

    fmwd

  • I rooted, but I don't quite understand why what I did works. If someone can explain the c****o part to me, that wouuld be much appreciated.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • Type your comment> @clubby789 said:
    > I rooted, but I don't quite understand why what I did works. If someone can explain the c****o part to me, that wouuld be much appreciated.

    Any hits ?

    fmwd

  • edited April 5

    My enum game is weak on this one, only found the text and can't bust anymore from the 'clue' :(

    Edit:
    nvm being lazy

    alt text

  • Type your comment> @fmwd said:

    Type your comment> @clubby789 said:

    I rooted, but I don't quite understand why what I did works. If someone can explain the c****o part to me, that wouuld be much appreciated.

    Any hits ?

    Consider doing one of the easier boxes first. The box has only been up for 12 hours..

    Hack The Box
    Did I help you? Please return the favour and +1 respect me
    https://www.hackthebox.eu/home/users/profile/62941

  • Is password from *.php rabbit hole?

  • Type your comment> @ls4cfk said:

    Is password from *.php rabbit hole?

    Try reading all php files you can. You must have seen something like Unauthorized

  • edited April 5

    user: read notes, find location, signup and use text fields, bond something together to escalate
    root: enumerate, routine check and get the right way, open you eyes, is there

    [email protected]:~# ifconfig | fgrep 10. | awk '{print $2}'
    10.10.10.183
    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)

    foxlox

  • hg8hg8
    edited April 7

    So far loving the "Please take care of our planet, we only have one."

    EDIT: And rooted. Really nice box but I fell into too much rabbit holes....
    Thanks to InfoSecJack & chivato for this great box!

  • After you've rooted, please, undo everything you've done and clean up. Stop leaving the door open.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • Any hint about crypto?

Sign In to comment.