Magic

11517192021

Comments

  • Anyone for a nudge?

  • edited May 21

    Spoiler Removed

  • @mrshershulya said:

    su doesn't work, how to get user?

    Do you have a proper shell? When you say "su doesn't work" - do you mean it rejects the password or generates an error message?

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited May 21

    @TazWake, I spawned shell, It writes "su: Authentication failure"

  • @mrshershulya said:

    @TazWake, I spawned shell, It writes "su: Authentication failure"

    Ok, you might have the wrong password for the user you are trying. If you need/want more detail you will need to DM.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited May 21

    Gosh... Is there anyone I can get help with f****? I keep running an error on the p****** that is running on f**** this is for root

    Hack The Box

  • Damn... Finally rooted this box heck I am breaking out in sweat for the root.

    Hack The Box

  • edited May 21

    Nice box. This would be a good OSCP prep box. I think there are a couple slightly different ways to get the initial foothold.

    Hack The Box

  • Could someone PM me for user account? I've found m**** creds and been stuck on w********* shell...

    d3thman

  • edited May 22

    I'm at the end here... struggling to use the inspection tool against the interesting binary... a nudge in the right direction would be really appreciated

    Edit: Rooted. Clearly was overthinking it. Thanks @TazWake and @N0tAC0p for the nudges!

    MrHyde

  • Looking for help on the basics sadly, i am having a hard time bypassing this login page. Any nudges would be great. I would like to be better at burp suite and sql injection. Help, resources, and advice would be great for me to learn. I have googled quite a bit already and tried many things. Help on bypass please!

  • @JitB said:

    Looking for help on the basics sadly, i am having a hard time bypassing this login page. Any nudges would be great. I would like to be better at burp suite and sql injection. Help, resources, and advice would be great for me to learn. I have googled quite a bit already and tried many things. Help on bypass please!

    If you google what you are trying to do there is a wealth of interesting articles which will help you.

    Anything else is going to be flagged as a spoiler.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Rooted .. Amazing box.. DM for nudges.

  • edited May 22
    User owned! Working on root.
    It wasn't hard like it seems but cool, learned a few new useful things in the exploiting phases.
    Owning user took me a certain time, please don't reset the box every time or use strong tools, burp,Hydra or other tools like that aren't needed.

    If you need a little hint PM me.
  • Im stuck as w**-***a any help getting to user t*?

  • Rooted! Very fun box, and according to some comments very OSCP-like so I've taken extra notes.

    Foothold:

    • Very basic bypass. Just use a proxy and don't get directed to somewhere else.
    • Make sure you know where the right directories are for the images

    User

    • Enumerate as much as possible, there are some installed tools that will let you view the contents of what you need
    • Don't overthink it once you find it

    Root

    • Enumerate for interesting programs, something will pop out on the reports
    • You have to trick it into doing something it shouldn't

    PM me if anyone needs any help!

    Hack The Box

  • Guys, Any hint on the user ? I got the foothold easy, I got a password that is useless - not sure how to crack the user t******* , appreciate any nudge please.

  • edited May 23

    Rooted Finally! Big thanks to @TazWake and @roumy for helping in the final step! Feel free to ping for any help!

  • Anyone had this error when trying to SSH @10.10.10.185: Permission denied (publickey).

  • @wooly13 said:

    Anyone had this error when trying to SSH @10.10.10.185: Permission denied (publickey).

    Looking at it, it seems to imply you haven't used the correct public key to correct and key based authentication is enforced.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @wooly13 said:

    Anyone had this error when trying to SSH @10.10.10.185: Permission denied (publickey).

    That's not an error (if you don't have your key on this machine already). Try another way to log in.

  • Just rooted. It was a really good and fun one. It wasn't hard, but I've learned a bit, and spent lots of time in a rabbit hole.

  • Rooted finally,

    Nice box!

    Initial foothold:
    1- "bypass login page"
    2- trick the system

    User:
    enumerate files, try to login and export data

    Root:
    Interesting file, how can you execute the commands in another context?

  • Finally rooted this sucker!

    Hint for root : If you can't find the right path, create your own path with necessary ingredients and then you get shell shelll shell..... :wink:

    Learned a lot. Thanks @TazWake @FunkyMcBeef and @disastrpc for nudges.

    PM me if you need any nudges.

  • edited May 24
    I got the user flag but trying to use the same python script method to get root. seemed like my NC listener not responding. Appreciate if anyone can provide some hints?? thanks
  • Type your comment> @idonthack said:

    Anyone for a nudge?

    What is your doubt? PM me, if you want some help

  • edited May 26

    So its been two days i am stuck at root. I read the comments but cant figure it out. I think i never seen this method or i am having a bad time with this machine. Any nudge? :)

    I figured out! Thanks everyone for there comments.

  • I was stuck on creating the damn thing one way and the simplest way worked

  • I'm stuck at user. Dunno how to play with upload. Please DM me.

    Nism0

  • Rooted! Feel free to DM me if you need a hint ;)

    -------- xOkami --------

    xOkamil

Sign In to comment.