Magic

1121315171821

Comments

  • @shinjikun said:

    rooted the box! but root.txt doesn't seem to have the right Hash.
    Did somebody experience the same Thing ?

    Its a dynamic hash so chances are:

    1) the box reset between you getting the hash and submitting it.
    2) the hash you have was submitted before was recognised (I have no idea how the dynamic hashes work)
    3) somehow you ended with an old hash.

    Its never happened to me so I have no idea what the solutions are but people have suggested resetting the box and re-rooting it so you know you have the right hash or wait a bit and try again.

    At the very least this should be reported to HTB via Jira https://hackthebox.atlassian.net/servicedesk/customer/portal/1 - they cant fix the process if they don't know it is broken.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • any hints on root? got user

  • Nice box with good exploitation path.

    User:

    • You don't have to login in order to go further, but if you want to login, it's a basic challenge.
    • Basic RCE, check what actions you can do there - lots of explanation about it. Just google.
    • Once you have a reverse shell, enumerate everything.

    Root:

    • I assume there is a rabbit hole so if it's not working, go on..
    • Again basic enumeration will give you all the details you need.
    • Pay attention to who you are and what you own.

    Hope it's not a spoiler.

  • Just got the root on Magic...thanks to Mty0x for a nudge on root...pm me if you are stuck

  • This is infuriating. Somebody keeps deleting my shell and killing my session. Am I doing something wrong or is someone being a dick?
    I can't work on root because my session dies after 2 minutes...

  • @89jase said:

    This is infuriating. Somebody keeps deleting my shell and killing my session. Am I doing something wrong or is someone being a dick?
    I can't work on root because my session dies after 2 minutes...

    Shells are getting automatically removed after a short amount of time, IIRC. The session should be stable, though. Maybe try another payload for generating your shell ;)


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • f***ing stuck at user..
    someone can PM me?

  • edited May 7

    great boX!
    learned a lot of stuff!!!

  • Rooted! Finally

    Lesson learn: don't dig too deep to a rabbit hole

  • edited May 7
    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    

    Got root, but the hash in root.txt appears to be wrong? Wtffff


    htb
    [ Twitter: @nicoswd | Discord: nicoswd#9146 | keybase: @nicoswd | PHP ZCE ]

  • @nicoswd said:

    Got root, but the hash in root.txt appears to be wrong? Wtffff

    https://forum.hackthebox.eu/discussion/comment/72917/#Comment_72917

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited May 7

    Type your comment> @TazWake said:

    @nicoswd said:

    Got root, but the hash in root.txt appears to be wrong? Wtffff

    https://forum.hackthebox.eu/discussion/comment/72917/#Comment_72917

    Thank you! I'll try that 🤟

    EDIT: That did it, thanks!


    htb
    [ Twitter: @nicoswd | Discord: nicoswd#9146 | keybase: @nicoswd | PHP ZCE ]

  • Type your comment> @TazWake said:

    @shinjikun said:

    rooted the box! but root.txt doesn't seem to have the right Hash.
    Did somebody experience the same Thing ?

    Its a dynamic hash so chances are:

    1) the box reset between you getting the hash and submitting it.
    2) the hash you have was submitted before was recognised (I have no idea how the dynamic hashes work)
    3) somehow you ended with an old hash.

    Its never happened to me so I have no idea what the solutions are but people have suggested resetting the box and re-rooting it so you know you have the right hash or wait a bit and try again.

    At the very least this should be reported to HTB via Jira https://hackthebox.atlassian.net/servicedesk/customer/portal/1 - they cant fix the process if they don't know it is broken.

    Thanks you! Worked great!

  • id

    uid=0(root) gid=0(root) groups=0(root),100(users)
    Nice box!

  • every time a upload an image it says

    what are you trying to do there

    i tried png and jpg with and without a shell
    any idea

  • Type your comment> @AhmedSaedAbdo said:

    every time a upload an image it says

    what are you trying to do there

    I was getting this as well and it was quite annoying. I haven't looked too deeply into why this is happening, but maybe it's session related. At some point, the same request that was being blocked before would suddenly start working again.

    I've lost a lot of time on this because I discarded methods that turned out to work later.


    htb
    [ Twitter: @nicoswd | Discord: nicoswd#9146 | keybase: @nicoswd | PHP ZCE ]

  • Any hints or guides on getting root. Please send. I'm using suid3num.py and pspy but not sure what i should be looking for or exploiting.

  • Type your comment> @schizo said:

    is it normal to have
    [email protected]: Permission denied (publickey). ???
    stuck in www-data

    got a USER !!!
    Hint: use alternative way

    Can you DM me the alternative way? can't get past it

  • Type your comment> @unethicalnoob said:

    Type your comment> @schizo said:

    is it normal to have
    [email protected]: Permission denied (publickey). ???
    stuck in www-data

    got a USER !!!
    Hint: use alternative way

    Can you DM me the alternative way? can't get past it

    Whatever you find, keep it, and use it. (:

    a3n3a

  • Type your comment> @a3n3a said:

    Type your comment> @unethicalnoob said:

    Type your comment> @schizo said:

    is it normal to have
    [email protected]: Permission denied (publickey). ???
    stuck in www-data

    got a USER !!!
    Hint: use alternative way

    Can you DM me the alternative way? can't get past it

    Whatever you find, keep it, and use it. (:

    got user but root seems difficult.
    linpeas,pspy got me nothing

  • Type your comment> @unethicalnoob said:

    Type your comment> @a3n3a said:

    Type your comment> @unethicalnoob said:

    Type your comment> @schizo said:

    is it normal to have
    [email protected]: Permission denied (publickey). ???
    stuck in www-data

    got a USER !!!
    Hint: use alternative way

    Can you DM me the alternative way? can't get past it

    Whatever you find, keep it, and use it. (:

    got user but root seems difficult.
    linpeas,pspy got me nothing

    In same position pretty much

  • Stuck with Root..found the interesting binary s*****o but unable to figure it out...Can somebody please help?

  • Rooted, fun and pretty straightforward box. I'm ashamed that rooting took me so long. It should be 5 minutes. But well :)
    Thank you for nice box!

    foxtrotcharlie

  • Type your comment> @Faelian said:

    Obviously, I find what I am looking just after asking for help 🙄.
    Search for OWASP documentation about file upload. There are some strange configuration about what get to be executed on a server.

    Omg that is literally the dumbest thing I've ever seen. Wasted like 2 hours on this one :/

  • So i know the username and have tried adding my key to the authorized_keys file, also tried known_hosts but I still get the Permission Denied (publickey) error. Any thoughts?> @a3n3a said:

    Type your comment> @unethicalnoob said:

    Type your comment> @schizo said:

    is it normal to have
    [email protected]: Permission denied (publickey). ???
    stuck in www-data

    got a USER !!!
    Hint: use alternative way

    Can you DM me the alternative way? can't get past it

    Whatever you find, keep it, and use it. (:

    So i know the username and have tried adding my key to the authorized_keys file, also tried known_hosts, but I still get the Permission Denied (publickey) error. Alternatively tried using locate .pub to identify any accessible keys from RCE and tried these as my own as well. Any thoughts? PM?

  • Type your comment> @unethicalnoob said:

    Stuck with Root..found the interesting binary s*****o but unable to figure it out...Can somebody please help?

    Understand what all commands it execute

    Vibhu025

  • Type your comment> @c1black8 said:

    Hi All. Working on root. When trying to upgrade the shell, it seems I am now getting an error that won't allow /bin/sh commands. Anyone having that problem or know how I might be able to get around? This was not an issue for the last few days.

    I'm having the same problem. And when I try to execute any commands using the shell type i get cannot open xyz binary:

    [email protected]:/# /bin/sh echo hello
    /bin/sh: 0: Can't open echo

  • Got both the user and root flags but getting Error when I try and enter each one which is annoying after burning the midnight oil to get this box finished. I know I am not the first person to suffer this problem, I am on VIP so does that make any difference?

  • @flymomike said:
    Got both the user and root flags but getting Error when I try and enter each one which is annoying after burning the midnight oil to get this box finished. I know I am not the first person to suffer this problem, I am on VIP so does that make any difference?

    NVM accepted both flags when I tried a different way to enter them

  • Type your comment> @flymomike said:

    @flymomike said:
    Got both the user and root flags but getting Error when I try and enter each one which is annoying after burning the midnight oil to get this box finished. I know I am not the first person to suffer this problem, I am on VIP so does that make any difference?

    NVM accepted both flags when I tried a different way to enter them

    Just out of curiousity, would somebody mind giving me a nudge how you would get round the login page at the start without using some of the more common OWASP top 10 gotcha's, which I obviously used.

Sign In to comment.