How on earth has anyone managed to hack into this box. I'm getting nothing back from dirb scans. I've found the under construction page but that's it. What the hell am I missing here (a lot I suspect).
Congratulation @InfoSecJack for the first blood $_$ .. but why it says after 4 hrs !!
First blood occurs in the future lol. I think it's a bug, been noticing it lately.
Back to the topic: Can anyone tell me if the creds are useful elsewhere aside from logging in to see an incomplete site?
Rooted. Interesting box.
Foothold: Look for clues, don't focus on things that aren't dynamic. If something is working slowly, find something faster.
User: Go back to your notes
Lateral movement: The name helps
Root: Find out more about yourself
GCIH | GCIA
If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
Rooted.
You need to enumerate everything at the beginning. Anything you find can be used later.
If something isn't working for you then you either have to:
1) Reset the box - because the exploit method can be unstable at times
2) Try a newer exploit/page.
Hints:
Metasploit will not help you here.
The rest of the box is not new stuff. I've seen the root exploit 4+ times on other boxes on this website.
If you like my advice, please give me some respect! Thanks!
Message me on discord: godylocks#5721
Rooted. Root seemed way too easy, so I'm not sure if it was actually intended or not.
Foothold - Fuzzing for a different entry point before forcing your way in (you can also check the front page for a hint as to where to look)
User - The name of the box isn't irrelevant
Root - Show your power and gtfo
rooted
Interesting machine ; good job
user : enumerate and enumerate and enumerate and enumerate and enumerate and exploit ...
root : remember what you see when you open the door and privesc like a charm
thank you for the box
Comments
Type your comment> @chicxulub said:
It's back up
Seems a little unstable, but not drastically, phew
We are the things that were and shall be again
Congratulation @InfoSecJack for the first blood $_$ .. but why it says after 4 hrs !!
I wouldn't mind some +respect if I helped you ;)Type your comment> @Drxxx said:
Timestamps are fucked up. Every new machine someone posts this ahahah
How on earth has anyone managed to hack into this box. I'm getting nothing back from dirb scans. I've found the under construction page but that's it. What the hell am I missing here (a lot I suspect).
@Drxxx said:
First blood occurs in the future lol. I think it's a bug, been noticing it lately.
Back to the topic: Can anyone tell me if the creds are useful elsewhere aside from logging in to see an incomplete site?
anyone can see the incomplete site without the creds
Thanks @R3m0tE, I'll take another look at that empty thing. @Linoge some people bypass the login before actually finding the creds
Type your comment> @R3m0tE said:
if anyone crack whats in the login page or is not the path ???
Type your comment> @avonsec said:
id did lol
then i found the creds
Type your comment> @ElVi7MaJoR said:
So ? Did you find them useful some how ?
I wouldn't mind some +respect if I helped you ;)Type your comment> @Drxxx said:
they just give me access in login for now
god dammit, just found the H**
this is the first box that i've seen that does that, it shouldn't be allowed ๐๐๐
EDIT: so i have no idea how you're supposed to get user, but rooted :^)
i found cached version of op**** on goo*** which contain a vulnerability report for that version,
OSCP | I'm not a rapper
Spoiler Removed
Is there something hidden in the image? I've tried to analyze with fft and a couple other methods. Not seeing anything...
Rooted. Interesting box.
Foothold: Look for clues, don't focus on things that aren't dynamic. If something is working slowly, find something faster.
User: Go back to your notes
Lateral movement: The name helps
Root: Find out more about yourself
If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
Same here @Brogramm3r . I've had rockyou.txt running with steghide decode... but nothing for ages. Stopped it now.
eJPT
rooted, really nice machine
Type your comment> @thegingerninja said:
Don't waste time on it
Rooted.
You need to enumerate everything at the beginning. Anything you find can be used later.
If something isn't working for you then you either have to:
1) Reset the box - because the exploit method can be unstable at times
2) Try a newer exploit/page.
Hints:
Metasploit will not help you here.
The rest of the box is not new stuff. I've seen the root exploit 4+ times on other boxes on this website.
If you like my advice, please give me some respect! Thanks!
Message me on discord: godylocks#5721
Found the password for the admin user, but can't get the reverse shell. Is the remote execution exploit is the way to go?
Rooted. Root seemed way too easy, so I'm not sure if it was actually intended or not.
Foothold - Fuzzing for a different entry point before forcing your way in (you can also check the front page for a hint as to where to look)
User - The name of the box isn't irrelevant
Root - Show your power and gtfo
Thanks @ASHacker
defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'โ
Interesting machine, except for the stability part at the beginning.
User : use the info you find, no need to break the machine
Root : some basic privesc enumeration should guide you to the end
If you're stuck, PM for more hints (here or on discord: cerebro11#1281)
Thank you for your time...
Congrats to you guys @cerebro11 @farbs @godylocks @H0ru5 @clubby789
And sorry @godylocks i didn't know that root exploit was already on other machine...
rooted
HTB{HappyHacking}
r0000ted. If anyone needs help AFTER getting a HUGE headache, I might give you a nudge.
discord: vicio#4677
Always Remember MRX Rules:
1. No System is Safe
2. Aim for the Impossible
3. Have fun at cyberspace and meat space
Thx @ASHacker. Interesting box. The user part gave me hard time! Overall, good challenge!
rooted
like a charm
Interesting machine ; good job
user : enumerate and enumerate and enumerate and enumerate and enumerate and exploit ...
root : remember what you see when you open the door and privesc
thank you for the box
Congrats to @t0vlix @vicio @gverre @rfg
And please review the machine, that will be helpfull for future