Official Intense Discussion

245

Comments

  • nikto scan produced this for me

  • An early form of the chunked transfer encoding was proposed in 1994.[1] Chunked transfer encoding is not supported in HTTP/2, which provides its own mechanisms for data streaming. has anyone messed with this format?

  • Working on root. Dissatisfied by my current lack of a shell. Anyone willing to do a sanity check for my current thought process? Thanks.


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • Type your comment> @sparkla said:

    Type your comment> @JMFL said:

    Does anyone know what we can do with this?

    /submit?setoption=q&option=allowed_ips&value=255.255.255.255

    Were does this actually come from? One of the first things someone sent me without any explanation.

    +1 you cant use something you dont know how it work or from where is come from

  • OSVDB-3126: /submit?setoption=q&option=allowed_ips&value=255.255.255.255: MLdonkey 2.x allows administrative interface access to be access from any IP. This is typically only found on port 4080.

  • > @JMFL said:
    > OSVDB-3126: /submit?setoption=q&option=allowed_ips&value=255.255.255.255: MLdonkey 2.x allows administrative interface access to be access from any IP. This is typically only found on port 4080.

    It's from Nikto btw...

    Hack The Box

  • false positive

  • oooofffff i got something

  • So, I can read user flag but can't get a proper shell. I Appreciate any hints on that

    justAhmed

  • can anyone pm a hint me? im stuck at the R*E part

  • Type your comment> @justAhmed said:

    So, I can read user flag but can't get a proper shell. I Appreciate any hints on that

    Same Here

  • Hi,

    I think i've found the vuln in the source code for the foothold but can't exploit it with success, can someone give me a nudge please ?

    Hack The Box

    Write ups FR : https://hackingdom.io/

  • edited July 8

    Anyone else had a problem with the self generated c*** and solved it? I tried it local the c*** is valid but the data is not correct, it should be adminaccount:adminhash but instead it is otheruser:adminhash

    edit: Never mind, the solution was kind of easy.

  • @sparkla said:

    Type your comment> @JMFL said:

    Does anyone know what we can do with this?

    /submit?setoption=q&option=allowed_ips&value=255.255.255.255

    Were does this actually come from? One of the first things someone sent me without any explanation.

    Either it is being shared as part of some other discussion on how to get a shell or people are googling for exploits on a particular platform or a medium article and hoping that it is relevant.

    ( I have no idea if it is relevant or not )

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited July 8

    Having a headache reverse engineering the second part after the dot

    EDIT: got it thank you @HomeSen

  • @k4u5h1k said:

    Having a headache reverse engineering the second part after the dot

    Not sure what you are trying to reverse engineer on the part behind the dot. You have the source, so you should be able to simply see what it is about.


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • Type your comment> @HomeSen said:

    @k4u5h1k said:

    Having a headache reverse engineering the second part after the dot

    Not sure what you are trying to reverse engineer on the part behind the dot. You have the source, so you should be able to simply see what it is about.

    But you can't calc the 2nd part without knowing the value.

  • @ps9786 said:

    @HomeSen said:

    @k4u5h1k said:

    Having a headache reverse engineering the second part after the dot

    Not sure what you are trying to reverse engineer on the part behind the dot. You have the source, so you should be able to simply see what it is about.

    But you can't calc the 2nd part without knowing the value.

    Well, that's the actual challenge. Looking at how it is constructed, there is a way to "bypass" it ;)


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • First Hard box im trying, and need some help. can someone pm please? :blush:

  • Got root.
    Thank you @sokafr for such a nice box. Enjoyed analyzing python code.

  • @dayld congratz ! I'm glad you enjoyed it :)

  • I'm stuck, I've managed to get a hash, but I can't crack it. Can anyone give me any clues?

  • Rooted!!
    The root and user part are quite different than the usual machines.

    HInts:

    For user part, you'll find something vulnerable at webapp, use that and read the zip file very carefully ...all you need is in those scripts, there is an attack that is unheard of...gotta make your own script .
    For root part, sometimes when you can't get to the other end of a river through a bridge, then maybe you could make a tunnel with your B*F weapons.

    I hope i have not spoiled anything!! Feel free to pm me...

  • @CyberVaca said:
    I'm stuck, I've managed to get a hash, but I can't crack it. Can anyone give me any clues?

    You don't need to crack it. Look into other attacks against cryptographic hashes.

  • Type your comment> @metuldann said:

    @CyberVaca said:
    I'm stuck, I've managed to get a hash, but I can't crack it. Can anyone give me any clues?

    You don't need to crack it. Look into other attacks against cryptographic hashes.

    @metuldann said:

    @CyberVaca said:
    I'm stuck, I've managed to get a hash, but I can't crack it. Can anyone give me any clues?

    You don't need to crack it. Look into other attacks against cryptographic hashes.

    Ok, thx u. ;)

  • Spoiler Removed

  • Spoiler Removed

  • Type your comment> @k4u5h1k said:

    Type your comment> @shaoyongyang said:

    i stuck at how can execute two Sqlite SQL. the sqlite execute mehod only can be execute one sql. it's a rabbt hole? i tried using google , but not get any good result.

    use CASE

    nice, i scccessful executed sql. thanks.

  • Spoiler Removed

  • @shaoyongyang said:

    i tried sql inject, but it's faild. bad way. but it existence. just Sqlmap not support.

    I'll just this quote from the home page of the box, here:

    One day, an old man said "there is no point using automated tools, better to craft his own".

    ;)


    Hack The Box
    GREM | OSCE | GASF | eJPT

Sign In to comment.