Magic

1101113151621

Comments

  • Rooted.
    Very nice box, pm for nudges. :smiley:

  • Great box. Enjoyable and relatively easy for those familiar with standard concepts. The root priv-esc is one of those; you're either familiar with it or you're not, but it is very simple cyber-101 stuff and, for those not familiar, the hints on here are discreet enough to aid you if you look at them carefully. Thanks to @TRX for a solid machine.

    5ysk3y

    For assistance:

    1) Plz msg me via the main HTB messaging system, not the forums or my wall
    2) Give me some insight as to what you've tried already, or ideas you've moved past
    3) Don't expect me to give you the answer-- that defeats the object of being here.

    If you find my assistance useful, in any case, please consider clicking that awesome respect button on my profile!

  • yay! rooted!

    Enough tips in this thread... very simple once you spot the right file

    Hack The Box

  • Great box for me, especially since I am starting, I have learned a lot.

  • I've got user 3 days ago but cannot take root... wtf? can anyone help me, please? I'm totally stuck. Thank you.

  • @IvanGlinkin said:

    I've got user 3 days ago but cannot take root... wtf? can anyone help me, please? I'm totally stuck. Thank you.

    Find a file which might be useful, look at what it is doing and then exploit the road it takes.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • can someone help on how to get user i am as www-data i have some creds from d*.**p5
    but then i am stuck

  • Can someone give me a little nudge for the initial foothole?
    From what I've read it's simple, but I have know clue what to do.
    I found l***n.php and u****d.php but I only can interact with first.

  • @mava said:

    Can someone give me a little nudge for the initial foothole?
    From what I've read it's simple, but I have know clue what to do.
    I found l***n.php and u****d.php but I only can interact with first.

    If you google for what you are trying to do, there is a post which should be one of the first results and is full of useful information.

    Other than that try uploading various things to confirm what is and isn't allowed.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • @xenofon said:

    can someone help on how to get user i am as www-data i have some creds from d*.**p5
    but then i am stuck

    Try dumping to see if anything useful comes out.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • i have uploaded my image but I get a Page not Repsonsive Error when I go to the image

  • Tried what I thought the box name suggests but didnt work, can I have a little help? DM

  • @inc0gnit0 said:

    i have uploaded my image but I get a Page not Repsonsive Error when I go to the image

    If it is a legitimate image, the box might have a problem.

    If it is an attack, either your attack hasn't worked or it needs to be executed in a different manner.

    For example, command shells which rely on a GET request need to be requested with a command otherwise it doesn't really know what to do.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • @H0ru5 said:

    Tried what I thought the box name suggests but didnt work, can I have a little help? DM

    If you google what you are trying to do, the answer is in one of the first hits.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Rooted, fun box, its a great feeling to use magic, pm for nudges.


    Check out my blog
    Always happy to help! but please consider dropping some respect. ^^

  • Great box. After the disgusting ServMon, it is like a breath of fresh mountain air. As usual, if you are stuck - write to me in PM.

  • edited April 2020

    Rooted. The foothold was very easy, user needs a bit of enumeration, and then direct way to root..

    Awesome box, thanks a lot @TRX !

    Pm me if stuck.

    Anakin102

  • Very fun box

  • Why is the image getting deleted as soon as I am uploading?

  • Type your comment> @Anu said:

    Why is the image getting deleted as soon as I am uploading?

    Seems like there's a cleanup that happens periodically. Just be ready with your file just in case ;).

    Fun box - very magical experience. Here are some hints to try and help - don't think it's too spoilery but sorry ahead of time if it is.

    Foothold - web browsers and servers are stupid - trick it into thinking it's getting what it things its getting. file extensions can be magical and together
    User - enum for something, then enum some more with that something. you might need to create your own mechanism for this if the foothold is too janky
    Root - super basic enum techniques worked for me instead of tools (the results were overkill). find something sticky, string it up, see where it leads you

    Happy to help with judges if you want to PM :smile:

    passkwall

  • Spoiler Removed

  • having trouble connecting with ssh to user th****s, is that normal?
    error is Permission denied (publickey).

  • @asteer1 said:

    having trouble connecting with ssh to user th****s, is that normal?
    error is Permission denied (publickey).

    https://forum.hackthebox.eu/discussion/comment/71540/#Comment_71540

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Rooted! Good box, learned something when getting first shell. I'm dropping some hints:

    • foothold: pretty standard, almost too easy to bypass... Enter and figure out how to make your way to the system. Images can contain a lot of data... Newlines aren't your friends.

    • user: enum, then enum and finally enum! Don't surrender when you find something, just try other tools.

    • root: both a pre-made tool and a manual check should do the trick. Focus on what stands out as non-standard ;).

    I hope that I didn't spoiler anything! Enjoy

  • Finally rooted:) needed quite a few Nudges for root. It is super simple but if you have never seen the trick its hard to guess.

    As always pm for nudges :)

  • Fun box. Didn't take too long once I got down to it. I would be curious if someone wants to PM me on upload file bypass because I don't get why what I did worked, but it did.

    Otherwise, 100% fun box. All the hints are already in the thread, but just keep it simple. I like the path to root because it shows something interesting about special files. PM me for hints if you want.

  • i found a password in php database but when i try to login with su - t****** it sais authentication failure, any help?

    666snippet

  • Finally Rooted.
    This box is very much unique. I struggled for both User and Root but the knowledge I got was huge. Thanks to @FunkyMcBeef for helping/guiding me throughout the process of root

    Initial foothold:
    1.You know how to bypass login using basic things. (really a child's play)
    2. You have to upload something to get the shell
    3. Trick is not everything works. For me all the basic methods failed. But then I watched one youtube video and learned a new method to craft payload. Cat has some powerful magic I would say.

    User:
    1. Once you get shell, you know where to look first.
    2. Extract something but you don't have access to the tools.
    3. But there are other ways to do it. (really its in front of you)

    Root:
    OK this is not easy
    1. linpeas will really give you something (please read it line by line. I didn't and that's why I struggled)
    2. check what really happens in the background
    3. exploit it

    I am very much descriptive here, hope haven't spoiled anything

  • @666snippet said:

    i found a password in php database but when i try to login with su - t****** it sais authentication failure, any help?

    You need to use the password for something else, maybe use it to dump what you want out of something.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • got USER :smile:
    Now onto root...
    Pure fun so far, thx for @TRX

    Hack The Box

Sign In to comment.