Cache

Comments

  • Would love a pm hint on enumeration. I found the n**.h*** but assuming that is rabbit hole.

  • Is P****** P***** supposed to be off by default or is someone messing with those who haven't made it in yet? I'm finding enumeration on the H** side to be very difficult because it seems like the service is constantly being altered, and finding any way of authenticating to do one of the exploits I've found looks like an exercise in futility.

    ph03nix0x90

  • @ph03nix0x90 said:

    Is P****** P***** supposed to be off by default or is someone messing with those who haven't made it in yet? I'm finding enumeration on the H** side to be very difficult because it seems like the service is constantly being altered, and finding any way of authenticating to do one of the exploits I've found looks like an exercise in futility.

    It is supposed to be available. But yes, people tend to constantly break the machine by using ready-made scripts, instead of using a way easier (and more stable) option for gaining RCE on the server.


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

  • Spoiler Removed

  • Google is your best friend when it comes to finding a flaw on your victims.

    Hack The Box

    discord: vicio#4677

    Always Remember MRX Rules:
    1. No System is Safe
    2. Aim for the Impossible
    3. Have fun at cyberspace and meat space

  • User: Go back to your notes

    I am going to chalk this up to working from home and not giving this 100% attention. But I spent over an hour looking for the lateral move before I figured out it was literally the very first thing I found.

  • It’s interesting to see people talk about user and lateral movement. Depending on how you did the box, you could do either user first after you get a foothold. You don’t have to go in a specific order. However, one holds the flag and the other is on the path to bigger things. You can definitely get root first and then backtrack.

    limelight

  • Hi,
    I suddenly found the /por**l directory is enabled, it was disabled yesterday... which is the original state?

  • Rooted, need help, let me know.

    Keep Hacking and Keep Safe.

  • Rooted.

    Very fun box, I learnt a couple new things and have some new tricks up my sleeve now.

    I'm interested to hear how others got root first. I think I took intended paths.

  • Is the portal supposed to be enabled or disabled? Yesterday disabled, earlier today enabled, now disabled again. Had a working exploit but now I don't know if it's the intended way...

  • edited May 2020

    I thank you all for your time on the machine... @AwkwardUnicorn @limelight @itachi982 @sk4 @fr0ster @jiggle @D8ll0 @DaWoschbar @skunk @41fr3d0 @Dark0 @SneakyHedgehog @3l33t @Termopan @hg8 @beorn

    I hope you have used the intended way to exploit root because that is fun😄👍 (the mount method is also great and valid but really easy)

    And please give your precious review of the machine on the HTB site.

    ASHacker

  • Found the portal, bypassed the authentication.. trying injection to extract vital info which can bring me further.. can anyone provide nudges??

    Be happy, always

  • @lancelai said:

    Found the portal, bypassed the authentication.. trying injection to extract vital info which can bring me further.. can anyone provide nudges??

    DM

  • uid=0(root) gid=0(root) groups=0(root)

    Rooted Finally!!!

    PM me for help ...

    Respect me if I helped U

  • Spoiler Removed

    EJPT - QUALYS CP

  • edited May 2020

    How can I get user1 and user2? Please

  • @madm4n said:

    I got 3w-data, and stuck. Cannot find anything useful

    switch user, you have already found the creds earlier on which is useful now, but not useful in user flag.

  • edited May 2020

    ROOTED
    lol what a journey
    I spent more time fighting resets. Like I had to repeat over and over again because the box was getting reset every 5 mins.

    For the shell, like one of the members mentioned, there is a way not so intrusive like the RCE. So I didn't use it.

    Root was nice, a well-known technique; a little Google will give you what you need.

    @ASHacker cool box!

  • I would like to try it too, but the portal is always offline, can anyone stop breaking the site?

    Hack The Box

  • @luca76 unfortunately it is like that: the site is stable for 5 mins. So you have limited time and repeat 1000 times. :(
    But apart from that the box is really cool and, like always, people spoil it a bit.

  • yes nothing to say on the box and very funny, I'll try again this afternoon, now it's impossible to work on it

    Hack The Box

  • need nudges in bypassing h** login page...

  • Rooted!!!! this machine.
    Thanks to my teammate @Centip3d3 for the nudges.

  • So my little advice is "txt is superior to py". For everyone's sake, please use the non-destructive way in rather than ruining everyone's game. Root was a breeze and enjoyable.

  • edited May 2020

    Just got root, thanks to @Zard and @Dark0 for the nudge.
    I never knew the blue whale and the cache can do this kind of magic...

  • Rooted late last night. My favourite part was the second user. Never used this service before. Overall an excellent box.

  • @garffff said:

    Rooted late last night. My favourite part was the second user. Never used this service before. Overall an excellent box.

    Me too.. I have never thought this can be exploited... just learned about this moments ago.

  • edited May 2020

    Rooted, thanks to all who helped me..

    user: was not easy for me, as it required understanding the chained vulnerabilities and what to extract..

    user2: not that difficult as it is related to the box name..

    root: quite easy, gtfo, as mentioned by others in this forum..

    Be happy, always

  • you have to do something it is not possible so, the riane box up only for a few seconds and then down again

    Hack The Box
