I found a username in a t. file, and created a cool password list.
But unfortunately I don't get a working login.
Can anyone send me a nudge via PN?
Comments
@n0Idea said:
> I'm stuck at the wordlist i should use to brute force
> Any hints guys?
There is a tool available to generate wordlist from a website automatically.
Brute Force needed with that list, but if you have luck you can find the pass with trial & error. Just names are important as creds.
A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps
@gunroot said:
Yes. I already found the username, now I did find the password.
Thanks
Drop a message for any nudges.
Got root! Initial foothold was the hardest part, after that everything was a breeze. PM for nudges.
One tip, when modding python scripts to read lines from file, don't forget to strip the last character, \n. A lot of time wasted for that stupid thing, had to see it at wireshark.
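A worked illustration of the tip above, added here as an example and not code from the thread or from the box: iterating a text file in Python hands back each line with its terminator still attached, so a candidate read that way never compares equal to the stored value, and in a packet capture the stray byte shows up as `%0A` at the end of the form field. The wordlist, the user name and the expected entry are all constructed for the demo; `open_sample` is a helper that stands in for opening a real file.

```python
import io
from urllib.parse import urlencode

# Constructed sample wordlist (not from the thread or the box).  The third entry
# deliberately has surrounding spaces to show what an unqualified strip() does to it.
SAMPLE_WORDLIST = "alpha\nbravo charlie\n delta \nEcho123\n"


def open_sample():
    """Stand-in for open('wordlist.txt'): a text stream over the constructed list."""
    return io.StringIO(SAMPLE_WORDLIST)


def read_naive(stream):
    """Iterate a text file as-is: every element still carries its trailing '\\n'."""
    return list(stream)


def read_stripped(stream):
    """Remove only the line terminator(s); spaces that are part of the entry stay."""
    return [line.rstrip("\r\n") for line in stream]


def read_over_stripped(stream):
    """strip() with no argument also removes edge spaces, silently changing entries."""
    return [line.strip() for line in stream]


def form_body(username, password):
    """Form-encoded POST body a client would send for one candidate; this is what
    a packet capture shows, and a leftover newline appears as %0A."""
    return urlencode({"username": username, "password": password})


def count_exact_matches(candidates, secret):
    """Exact string comparison, the way a login routine compares a submitted value."""
    return sum(1 for c in candidates if c == secret)


if __name__ == "__main__":
    secret = "Echo123"  # constructed; the entry we expect the list to hit
    naive = read_naive(open_sample())
    stripped = read_stripped(open_sample())
    print("naive entries:   ", naive)
    print("stripped entries:", stripped)
    print("matches, naive:   ", count_exact_matches(naive, secret))     # 0
    print("matches, stripped:", count_exact_matches(stripped, secret))  # 1
    print("on the wire, naive:   ", form_body("user", naive[-1]))       # ...password=Echo123%0A
    print("on the wire, stripped:", form_body("user", stripped[-1]))    # ...password=Echo123
    print("strip() vs rstrip on ' delta ':",
          repr(read_over_stripped(open_sample())[2]), "vs", repr(stripped[2]))
```

`rstrip("\r\n")` is used rather than a bare `strip()` on purpose: the bare form also removes leading and trailing spaces, so an entry that legitimately contains them is altered before it is ever compared. Files produced on Windows carry `\r\n`, which the two-character argument handles as well.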
I stopped hacking for a while and came back and did this box. The first part really bugged me and I ended up using a traditional tool and replaced it with a basic tool.
For user I had to dig some more but I found something older and a website helped me find more out about it.
Root I had to google what the hell the last line meant. When I discovered the website detailing a little more about that line, well, the rest is history.
I had to stay up all night anyway for work things, and this was a decent headache to get back on track for OSCP. I'm glad I stuck this box out and finished it. Thanks for it.
@n0Idea said:
Create your own wordlist. Kali/Parrot should come with a built-in tool to do this, created by the incredibly talented Robin Wood.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
@cpc6128 said:
Google the application you are attacking and see if has any built in protection against what you are doing. Then there might be some guidance or POC code which lets you do what you are trying to do.
Hi guys,
I'm losing my mind. I'm in with a limited shell and I can't find anything helpful (some h**es impossible to decrypt, a mss from s***n with a weird method). Please, could anyone send me a nudge??
@TazWake
Thank you. I've already found the script and have got a basic shell.
Rooted. Thanks @MrClark, I was losing my patience; thanks to you I kept digging. Good box!
Rooted, @egotisticalSW. Box was nice, just got irritated at the initial foothold. But liked the priv esc part, though I initially got lost in all the suid part. It would have been easier if I had been on the right track from the start. But loved it. Good box!!
@Chuspi1k said:
I'm stuck here too. Would be great if anyone could send me a nudge too! Thanks
I finally got root. I must admit, I think I was the opposite of most and priv esc to root took me the longest of any of the legs. I was definitely in the overthink community on that one.
Thanks @egotisticalSW for the box!
Pwned! I absolutely hated foothold.... was so pissed off I had to take a week off this box. Besides, I didn't use m***s****t so I took a longer route I guess.
Foothold: No Lorem ipsum crap, so maybe the text is useful? Couple of ways to proceed from here.. just be cewl and try opening the door. Once in, use google! Where do people usually report bugs?
User: where does this thing store credentials? is there a copy? are they valid? are they users of the box?
Root: was almost instantaneous... check your privs and you'll notice something famously wrong.
Finally got root too. Thanks to @MrClark for the the nudge and @egotisticalSW for the box
Rooted, feel free to pm me for a nudge but be prepared to tell me what you've already tried.
Rooted.. Nice box, like everyone said initial foothold was bit difficult.. but user and root was pretty easy
Foothold : Enumeration is the key... Enumeration will eventually lead you to a gate.
Simple googling about the gate will reveal a recent vulnerability and its POC script, make a note of that and move on...
Enum with different extensions for the gatekeeper. If your favorite tool can't do the work, switch to another one... After trying with DIRB and DIRBUSTER, I moved on to GOBUSTER which did the work for me..
Once you find the gatekeeper, the keys for the gate are right in front of you from the beginning.
Once you have the gatekeeper and keyssss ready, then modify the POC script for your advantage considering the gatekeeper and keysss.
After finding out the gatekeeper and key you can use the famous M********t Module with the creds..
User : Enum, Enum, Enum... pay close attention to what you see.. And always remember that newer things are always better

Try to remember what you saw earlier and where you saw it...
Keep in mind that, Sometimes some things can take different forms...
Root : It's basic privesc and giving any clue will be a spoiler..!!!
But keep in mind that, Sometimes when someone says we cannot do that it exactly means that we can do that...
Hope that I am not spoiling the machine....
Still, if anyone needs help... I will always be there for you... Feel free to DM @ciphercode for any nudges...!!!
Hints
If you're stuck on user, do a careful enumeration; probably there's something you missed. All you need is inside the box.
There are two ways to exploit the box, one really easy and the other a bit complex.
Root
A standard enumeration, nothing complex!
If you need hints feel free to inbox me!
This is probably a stupid question, but this is my first real box:
I managed to upload a p0wnyshell to the server and I figured out the user pwd, but I have no idea how to continue.
I can't su because I don't have a tty shell (and upgrading to a tty shell doesn't work)
I have tried to create a reverse shell that connects to my Raspberry Pi via python, bash, PHP etc. but nothing happens. It seems like I can't connect to anything.
And, as I said, stuff like sudo or su doesn't work with my p0wny shell
@Spunnring said:
I think this will help you: https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/
@dux800 Tty doesn't really work with p0wnyshell I guess, I've tried most of those commands
Edit
I solved my problem, I tried to connect to my external IP address instead of my VPN IP address. That makes sense, but it took me hours to figure that out. Now I have my tty reverse python shell
Having trouble with initial foothold at login page. Can someone nudge me?
A lot of twists here and there, but finally rooted.
Initial foothold is a pain, user seems a bit unrealistic to me.
Rooting was a piece of cake due to a very uncommon config/bug mix.
Would love to talk with someone regarding this box - stuck on getting the initial foothold
> Would love to talk with someone regarding this box - stuck on getting the initial foothold
Enumeration is the key for foothold. Do with some extensions. Google "how to generate custom wordlist from a website?" .
Good luck 👍
Rooted, very easy but fun box.. Thanks a lot @egotisticalSW
I've got the wordlist down, but cannot get a working syntax with h**** to be successful, and not sure if I should try to find another tool, or if I just need to learn this one better
Found the foothold user pretty quickly. Made my list OK (it turns out it did include the correct pw). There is some code I adapted to find the right password, but it didn't work (need to understand why at some point). After several hours of scratching around I entered the correct password manually as it stood out to me.
From there getting user and root were pretty quick, but learnt some good stuff along the way. Thanks to @egotisticalSW for the fun box!
Feel free to reach out if you need a nudge.
Ok. I've been working on this box since early yesterday afternoon. I believe I have located the user pass, but having difficulty with the username. Can someone offer a nudge?
Also, I think my fuzz syntax may have an issue as I keep getting
Fatal exception: FUZZ words and number of payloads do not match!
my code:
wfuzz -c -z file,users.txt -z file,pass.txt http://10.10.10.191:80/FUZZ
Thanks in advance!